General
-
Target
2848-8-0x0000000000400000-0x0000000000724000-memory.dmp
-
Size
3.1MB
-
Sample
231231-3y76fabaa5
-
MD5
4373fb880af7ba67d06216bc5116d5dd
-
SHA1
dde4836215413283906cca4b86208fdf23b9edfc
-
SHA256
8a983597f1d698ee3fa03845ee32232dde7665d036327a4af17993f445211118
-
SHA512
f065cfc61ea620d665bcc90e7adf0734a60dc0a3b3410d3256165ced1e4080cd2f80ce800580651e0def491768f1803ba7ef1294312e8e7aeccfcf0e3d722bf2
-
SSDEEP
49152:uvKY52fyaSZOrPWluWBuGG5g5h/0Ha95bQDk/mLoGdzSTHHB72eh2NT:uv/52fyaSZOrPWluWBDG5g5hEaM
Behavioral task
behavioral1
Sample
2848-8-0x0000000000400000-0x0000000000724000-memory.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2848-8-0x0000000000400000-0x0000000000724000-memory.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
quasar
1.4.1
update
127.0.0.1:4782
ddb0d81d-667e-44c3-a1b7-00fcb82dd1ef
-
encryption_key
00DF680B0E09235E9256570DFF972BC701444E37
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
putty
-
subdirectory
SubDir
Targets
-
-
Target
2848-8-0x0000000000400000-0x0000000000724000-memory.dmp
-
Size
3.1MB
-
MD5
4373fb880af7ba67d06216bc5116d5dd
-
SHA1
dde4836215413283906cca4b86208fdf23b9edfc
-
SHA256
8a983597f1d698ee3fa03845ee32232dde7665d036327a4af17993f445211118
-
SHA512
f065cfc61ea620d665bcc90e7adf0734a60dc0a3b3410d3256165ced1e4080cd2f80ce800580651e0def491768f1803ba7ef1294312e8e7aeccfcf0e3d722bf2
-
SSDEEP
49152:uvKY52fyaSZOrPWluWBuGG5g5h/0Ha95bQDk/mLoGdzSTHHB72eh2NT:uv/52fyaSZOrPWluWBDG5g5hEaM
Score1/10 -