General
-
Target
232-29-0x0000000000400000-0x00000000004EC000-memory.dmp
-
Size
944KB
-
MD5
c3ef3cf5ae7fe31c2f61cb77df6c5104
-
SHA1
5e6a00f3c756025224723f533951d8ee5920296a
-
SHA256
f8949f48028c5bbec90f6549986418a2be1ec8d18501b0ee38855a73f01c83c2
-
SHA512
5a04f7f5acc297d76f6efad569a753f727f950d00c25ce217a4da0279d54c611f5f2bd58a751bf34da9efc7be082f54e31cae96d365f8d6e9c1c6f9312fd3246
-
SSDEEP
24576:tmkdueXjq0OQKc2YSEegpQRDLusJLK1lkuoLP:IkdueXjq0OQKc2YSEegpshk1lk
Score
10/10
Malware Config
Extracted
Family
quasar
Version
2.8.0.1
Botnet
j4s0nツ
C2
191.96.79.79:5552
Mutex
k0xu0yaV18JcyOu4RW
Attributes
-
encryption_key
dfDMgawnkTln5Mq1lzTq
-
install_name
Venom.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Venom Client Startup
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
232-29-0x0000000000400000-0x00000000004EC000-memory.dmp
Headers
Sections