General

  • Target: 2512-2796-0x0000000000400000-0x000000000045E000-memory.dmp
  • Size: 376KB
  • MD5: 466cc5d7ca69c4c86a2359537f8503f8
  • SHA1: 21e28a6b59a78a27e6b7bf6037fcd5888103cc75
  • SHA256: 31acdbdc3ea483bc0fed8d33a828b8f987e8514b7d147ad110a1b01487254cbb
  • SHA512: 94ddb2209255636d6b587091023b657113adba86ba121d9163fd87c5846d95a77edc612839bc676312dbee4d67a88715c12b602d5ac3d4cdf1f7156862bbd1f0
  • SSDEEP: 6144:/w6bPXhLApfpvIoNRzv0ybl+EHNCgmE9ynbH8y:omhApHNhMqxQgm2ynbH8y

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.3.0.0
  • Botnet: 3rd JULY
  • C2: 19ap22.duckdns.org:5555
  • Mutex: QSR_MUTEX_7BYyMaxeyNiBPsTahI

Attributes

  • encryption_key: FKtxNVbGt2pxY6yyI19X
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: notes
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • 2512-2796-0x0000000000400000-0x000000000045E000-memory.dmp
    .exe windows:4 windows x86 arch:x86