General

  • Target

    1924-57-0x00000000000C0000-0x000000000011E000-memory.dmp

  • Size

    376KB

  • MD5

    20d8d06fdd4a709d61d941f236b9affb

  • SHA1

    c1fcd90d0b829806dc8ad4d6e2f344ee6ec4a9a1

  • SHA256

    3af96f2ed787f02d169e7a9777c2663706855b317e9e4a0f4ead28371c7c8895

  • SHA512

    18d34f3e01a87a3273265d92ce055970c95133ed7ee47457a1204efe23fc8d71612db15fd85ea642a0d84cc4eec043b221d14d4fb1bd77881a37f854d1284333

  • SSDEEP

    6144:k0NzU3eAKdB40HStLwQfMUbJpz3wJxK5CR:5Nue9B408EQfdRwJxK50

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

EdrawMax

C2

forex.4cloud.click:1981

Mutex

wsbTZmpkXyxm8xAsQP

Attributes
  • encryption_key

    iBgx6lbqLn18oNE3C8cN

  • install_name

    Client.exe

  • log_directory

    16k

  • reconnect_delay

    10000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
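Turning the extracted configuration into host-side detection logic, as an added example that is not part of this report: the script below takes the C2, mutex, startup key, subdirectory and install name listed above and runs them over a handful of constructed EDR-style event records (the records are made up for illustration and are not telemetry from this sample). The field names of the records, and the assumption that Quasar writes its startup key as a value under a `...\CurrentVersion\Run` registry key, are mine; the install path is matched only on the trailing `SubDir\Client.exe` because the report does not state the parent directory.

```python
from collections import Counter

# Configuration fields copied from the report above.
QUASAR_CONFIG = {
    "c2": "forex.4cloud.click:1981",
    "mutex": "wsbTZmpkXyxm8xAsQP",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
    "reconnect_delay": 10000,  # milliseconds between reconnect attempts
}

# Constructed sample telemetry (hypothetical, NOT taken from the report):
# what an EDR might log after the sample installs itself. The parent
# directory of SubDir is an assumption; only the suffix is matched below.
SAMPLE_EVENTS = [
    {"event": "process_create",
     "image": r"C:\Users\bob\AppData\Roaming\SubDir\Client.exe",
     "cmdline": "Client.exe"},
    {"event": "registry_set",
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Quasar Client Startup",
     "details": r"C:\Users\bob\AppData\Roaming\SubDir\Client.exe"},
    {"event": "network_connect",
     "image": r"C:\Users\bob\AppData\Roaming\SubDir\Client.exe",
     "dest_host": "forex.4cloud.click", "dest_port": 1981},
    {"event": "mutex_create",
     "name": r"\Sessions\1\BaseNamedObjects\wsbTZmpkXyxm8xAsQP"},
    # Benign noise that must not match.
    {"event": "process_create",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"event": "network_connect",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.org", "dest_port": 443},
]


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string into (host, port)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def match_iocs(events: list[dict], cfg: dict) -> list[tuple[str, dict]]:
    """Return (label, event) pairs for every event that matches an
    indicator derived from the extracted Quasar configuration."""
    host, port = parse_c2(cfg["c2"])
    install_suffix = ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower()
    run_suffix = "\\run\\" + cfg["startup_key"].lower()
    hits = []
    for ev in events:
        kind = ev["event"]
        if (kind == "network_connect"
                and ev.get("dest_host", "").lower() == host.lower()
                and ev.get("dest_port") == port):
            hits.append(("c2_connect", ev))
        elif kind == "registry_set" and ev["target"].lower().endswith(run_suffix):
            hits.append(("run_key_persistence", ev))
        elif kind == "mutex_create" and ev["name"].rsplit("\\", 1)[-1] == cfg["mutex"]:
            hits.append(("mutex", ev))
        elif kind == "process_create" and ev["image"].lower().endswith(install_suffix):
            hits.append(("install_path", ev))
    return hits


def summarize(hits: list[tuple[str, dict]]) -> Counter:
    """Count hits per indicator type, e.g. for a triage report."""
    return Counter(label for label, _ in hits)


if __name__ == "__main__":
    for label, ev in match_iocs(SAMPLE_EVENTS, QUASAR_CONFIG):
        print(f"{label:20s} {ev}")
    print(dict(summarize(match_iocs(SAMPLE_EVENTS, QUASAR_CONFIG))))
```

The C2 match relies on the connect event carrying a hostname; where the log only records destination IPs, pair it with DNS query events for `forex.4cloud.click` instead, since the resolved address can change while the host and port stay as configured. The mutex and Run value name are the most stable of these indicators because they are fixed at build time in the config above.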

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1924-57-0x00000000000C0000-0x000000000011E000-memory.dmp
    .exe windows:4 windows x86 arch:x86
