General
-
Target
924-55-0x0000000000D40000-0x0000000000F1A000-memory.dmp
-
Size
1.9MB
-
MD5
33a86a8213be26413dba594389ceaa26
-
SHA1
5ebead5d66117ba6dd220a9475af8274a0849729
-
SHA256
f06bcfca509e189a188c2f49a15d31dc7fc5c894d7af8ff93bab44679290a0c4
-
SHA512
57ba9eb40550036cc58649aa136e84541a1a88469c5e90a11b3599435857b782facb5d8bdd185858c3345809def2d644f51ac0eae1e5285b6a42675d0cc0aa6e
-
SSDEEP
24576:JAZPV7mvQ/8fFNjy+W/cjFdib2z9IolgS4IALW1ej/1dCEsdHD5qt/p+d4x1XeO9:wPV7mYkuehLgSPej/C+Va7Y
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.0.0
Botnet
C2
kas22.kro.kr:25565
Mutex
GoogleCrashHandler
Attributes
-
encryption_key
0VhXsd7kmDzOXpW90Kp9
-
install_name
GoogleCrashHandler.exe
-
log_directory
GoogleLogs
-
reconnect_delay
5000
-
startup_key
GoogleCrashHandler
-
subdirectory
Google
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
924-55-0x0000000000D40000-0x0000000000F1A000-memory.dmp
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections