Overview

overview

10

Static

static

10

1216-1-0x0...ry.exe

windows7-x64

10

1216-1-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1216-1-0x0000000000310000-0x00000000006D4000-memory.dmp

  • Size

    3.8MB

  • MD5

    c1a5f8470232b68b09a6fe6691f4565a

  • SHA1

    ab6acb15a549ed408d8f54fcf904e0422cfe61fb

  • SHA256

    8f33037c5ba0809a6f752d5b47cbc4be92ed035c72a1f36fabce73b1602ba716

  • SHA512

    469a2a5b53e1a833fb9fcc8a011859b3ef3594a9d0b1fd4cd9d7ac0b528745305748201fc2df1565ff09ed52ae7b800c76053a52fe029acd402dea40370fc9d0

  • SSDEEP

    49152:Kk/uWOo//RECDAQsn8BErTPIL5BZm7GtaadCm0tkjFQrjb5caEr:Kkx/5ECDAQlCnIL07ualvtkFQ7iaEr

Score
10/10
nulledquasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

nulled

C2

147.50.240.233:8008

Mutex

QSR_MUTEX_vjlanSKDAVykDAvDJ6

Attributes
  • encryption_key

    d4qN0cIZpTNNR0XsDxxy

  • install_name

    thick.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    updates

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1216-1-0x0000000000310000-0x00000000006D4000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections