General

  • Target

    2472-37-0x0000000000200000-0x0000000000560000-memory.dmp

  • Size

    3.4MB

  • MD5

    154b837c73d5ca392f4ce23130172a56

  • SHA1

    0f619fbb1007fbf01f43d22b508079c3212eb121

  • SHA256

    efd7ee5405decb920e33aab38c77db6326d06062949e26d5f35f96947508457b

  • SHA512

    4c69c591e4e2eb6bb7f824c5158d2f461763e676a95756dd99329fcb41fa86cb7e8235252b7415188504cf836bb7dccc07c854dbc59b4725864fc006b04db96b

  • SSDEEP

    49152:oxjJY3/ojVm0LC8hT+N0c1gZjayFGSlYR99NYTHHB72eh2NToS3:oxj+enC8F+N0c1uarv

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

27.02 - r

C2

194.87.252.184:4782

Mutex

1127ef31-5071-4c30-bbbe-8bcb36d37abd

Attributes
  • encryption_key

    DD459BB92A43EF8EEB2FE401C8453F685AECE590

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2472-37-0x0000000000200000-0x0000000000560000-memory.dmp
    .exe windows:4 windows x86 arch:x86