General

  • Target

    1128-123-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • MD5

    2fb03fcf0860ce33d7696831cd0de4fc

  • SHA1

    ed35c6c859a2a0480899dce3db89b2ac6043114b

  • SHA256

    cd6e6c7a3239926530dc4105d156dad1d4bc1960075de60412d9c1824bcc876e

  • SHA512

    0952b59a9ba94abb2172c54c98bdc316609212111709775988fb7da032918d39601a70bfa6fc44e6a6b6a8171748e1d55574455feb9ade624a49c6b5f25bf9e3

  • SSDEEP

    6144:Dmwb/c2L0tsBmSAUvQbIfR42krsgYp+iEaHh:qH2LHYytm2Rgm+iEKh

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

300

C2

windows10-11.ddnsfree.com:5552

windows10-11.ddns.net:5552

Mutex

QSR_MUTEX_EDK2mTJCIRHYLqOOOz

Attributes
  • encryption_key

    ZTfuIwaAdGJ7DbdAS9Km

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1128-123-0x0000000000400000-0x000000000045E000-memory.dmp
    .exe windows:4 windows x86 arch:x86

