General

  • Target

    3044-20-0x0000000000660000-0x0000000000984000-memory.dmp

  • Size

    3.1MB

  • MD5

    967920baf5b36ceb5bae398fe47e281c

  • SHA1

    77d1ed04bcf56713d9f7088b214ef2edd0a28d16

  • SHA256

    6fcf9bf308e2b3b3020a54322cb5f7e524b986daaeb6b8d77f19401c550bf3e5

  • SHA512

    cc1c99440bf75c1805f83bbbfb627d629a4008c35f96a050739dd9853ddf3ce2f8a1466bc831e48db0f766a71bd5b6f2fcce2fe671cfdbdef989d1f267dfef35

  • SSDEEP

    49152:EvBt62XlaSFNWPjljiFa2RoUYIWE+dEYDmk/7eAoGdp8WTHHB72eh2NT:Evr62XlaSFNWPjljiFXRoUYIWE+Hl

Score

10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    93.123.85.108:4782

  • Mutex

    e14b8f59-979b-4ebf-8602-dd3c4d6c301e

Attributes
  • encryption_key

    534734397C0FA9A1D28F061AD75DF4100BFF5787

  • install_name

    Msconfig.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    msconfig.exe

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3044-20-0x0000000000660000-0x0000000000984000-memory.dmp
    .exe windows:4 windows x86 arch:x86