General
Target: 2100-22-0x0000000000B20000-0x0000000001364000-memory.dmp
Size: 8.3MB
Sample: 240115-dywpzagdhn
MD5: d09b7c00641b26c54ac040b016d5aa74
SHA1: c6cf3d7876acbe071ab55221043d8c4cbee046ca
SHA256: 67bb8a6004b96f5d280638240e99eafa699699f0bbc86ed1a449e4814d235bdf
SHA512: dbeff9b553644c85154d2d2c0cda7ff1a8daf099885f67443a22ce3594746df1a6ff39d4e2250da9eb2f7070277f6ce55c58686b7cef0306c481316cf30eac31
SSDEEP: 98304:Avm42pda6D+/PjlLOlZyQipV0TRJ6uKebiiC1Gx6ck05VdMiMOk8kgHjBAHvEIxM:+yOpUXAAkEHjB8h306M
Behavioral task
behavioral1
Sample: 2100-22-0x0000000000B20000-0x0000000001364000-memory.exe
Resource: win7-20231215-en
Malware Config
Extracted
quasar
1.4.1
UPDATE
armamagedomupdate.ddns.net:4782
127.0.0.1:4782
186.222.176.105:4782
1b6d7fed-1a52-4066-b013-42889840485c
encryption_key: C77872F68B89499AA5521BDFC1B6CC41F2578CAE
install_name: UPDATE.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: AutoUpdate
subdirectory: SubDir
Targets
Target: 2100-22-0x0000000000B20000-0x0000000001364000-memory.dmp
Quasar payload
Executes dropped EXE