General

  • Target

    1296-69-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • MD5

    0ae162e47ece9afc55cdffbd41b38bd7

  • SHA1

    baf3461f966d9b27de9e1f2c430aa1e61153ea66

  • SHA256

    983de2ae3027bbbcd76ab0e78697ce63536e03d572a0f31fea093ce336baa023

  • SHA512

    7742ab9fb4e8e613d1030ca8a1a30a92fd3fedeb4cbc57a06ca56aa019455015bbdbf5d16eeab615d785b8446319e457c11ebdcca8099f059c66a859d43cd484

  • SSDEEP

    6144:ot6bPXhLApfpNlJ53QLy6bVyefqyDi4MHRNhg:cmhApFJ2ylyu4MHRNhg

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

SUCCESS

C2

41.185.97.216:4782

Mutex

MUTEX_KMkEYpkuWKDvhVsEcT

Attributes

  • encryption_key

    kbnBYlo1Zoug7VQGhNv1

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    cmd

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1296-69-0x0000000000400000-0x000000000045E000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    Headers

    Sections