Overview

overview

10

Static

static

10

5080-55-0x...ry.exe

windows7-x64

5080-55-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    5080-55-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    05777f40a0290ab62f240f51b6aa6b07

  • SHA1

    bfa8be9f83b18f862b302a8edf05f243afacb2e6

  • SHA256

    35f4ef78b3818179e9037141a1e41280e8a972c7e4ffd9fe32224eb128b1f3ab

  • SHA512

    d2f1d900461703a9f1676940ecc724026ef6d04a7bb4a7ed207d2d4f2aad1a5cee4c9267e7c1f249c0a4abf35103c335b962d14fa355b5650b4b7363609f4ba3

  • SSDEEP

    49152:ivYt62XlaSFNWPjljiFa2RoUYIt7RJ61bR3LoGdDM8THHB72eh2NT:iv062XlaSFNWPjljiFXRoUYIt7RJ6HA

Score
10/10
quackquasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Quack

C2

51.79.171.174:1337

Mutex

07a03746-8e2d-46fb-91ff-f614dfb5f3bb

Attributes
  • encryption_key

    CFB4F4CA022C9B6355A56391E851519D74D8996A

  • install_name

    svchost.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    svchost

  • subdirectory

    Windows

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5080-55-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections