General

  • Target

    956-1094-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    aceda2eabbb1217a04b3482643bef80a

  • SHA1

    b6f12e3b72968ef59a05d10813178820993a28b5

  • SHA256

    997c0bfeece759be86320f17cca8b73e7a3c7c82f0df106867c41eede462523f

  • SHA512

    df59ddba06935b69cab8a78383c270b97100a432980e42106353a693066563da52903bb29e05ed47c50ab8c7d5add521dae9dc5a922444cc937b9e5fbc40a5b6

  • SSDEEP

    49152:KvWI22SsaNYfdPBldt698dBcjHZ35bbR4jLoGduATHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHZ352v

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Moveit

C2

193.142.146.212:4782

Mutex

4b1cd0e7-d736-4aba-b4c8-067d2567b03d

Attributes

  • encryption_key

    E12B8859E2195F69A0C4E8D7025D91C844CB8B49

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 956-1094-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    Headers

    Sections