General

  • Target

    2984-24-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    22ce4609a3ea9104acfb107f5ca61fc1

  • SHA1

    bb85b26c0ca845346445d46a2fc9e59c17ff04f2

  • SHA256

    2ef0c6b0d1795419b153d00978f264e2bda8db4bfddbe4ecd9b91533ed5038ac

  • SHA512

    78327c8d41c87664b79b910f9f2e8cc773df39bebac39da975b3996e9afc9f74c1d0302fe299166d64d8b492a093a0ae44917edeb153dd755be77f06be2848ae

  • SSDEEP

    49152:mvzlL26AaNeWgPhlmVqvMQ7XSKS1uPQOMfpuoGdNVubTHHB72eh2NT:mvpL26AaNeWgPhlmVqkQ7XSKS1uPQaD

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Rd Scraper Rdp May 9

C2

new2024q.ddns.net:7080

Mutex

7f38961c-3ed6-4d68-9e17-518ad3eed98c

Attributes
  • encryption_key

    8958325E33A13640D6B486F10B79591D5E528432

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2984-24-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86

