General
-
Target
956-1094-0x0000000000400000-0x0000000000724000-memory.dmp
-
Size
3.1MB
-
MD5
aceda2eabbb1217a04b3482643bef80a
-
SHA1
b6f12e3b72968ef59a05d10813178820993a28b5
-
SHA256
997c0bfeece759be86320f17cca8b73e7a3c7c82f0df106867c41eede462523f
-
SHA512
df59ddba06935b69cab8a78383c270b97100a432980e42106353a693066563da52903bb29e05ed47c50ab8c7d5add521dae9dc5a922444cc937b9e5fbc40a5b6
-
SSDEEP
49152:KvWI22SsaNYfdPBldt698dBcjHZ35bbR4jLoGduATHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHZ352v
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Moveit
C2
193.142.146.212:4782
Mutex
4b1cd0e7-d736-4aba-b4c8-067d2567b03d
Attributes
-
encryption_key
E12B8859E2195F69A0C4E8D7025D91C844CB8B49
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
956-1094-0x0000000000400000-0x0000000000724000-memory.dmp
Headers
Sections