General

  • Target

    1588-33-0x0000000000B20000-0x0000000000E44000-memory.dmp

  • Size

    3.1MB

  • MD5

    2fd8db0f04a8e13c930d76dd0654e340

  • SHA1

    d336a802ecc207d4b47dd51422d3aa641607ee86

  • SHA256

    f6a3f0fc0f6c7f21b8304e4fa231344286627e609f0175f3a2075dc4b75a03fd

  • SHA512

    49da26b5d99a9dcca1c238a00f829276cff2840768707ec6b3ddd05aeb8e35662c287aebd74dd6c9dea252acc0e5645a367949938a5a9ff97472e22afd567e81

  • SSDEEP

    49152:yvkt62XlaSFNWPjljiFa2RoUYIFxDEDwhk/JxuoGdgUTHHB72eh2NT:yv462XlaSFNWPjljiFXRoUYIFxKs

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

147.45.44.138:4782

Mutex

74661366-3221-4ef8-a135-99063277201a

Attributes
  • encryption_key

    9F5E83CF4EAD1B51E34A8D5F82E492881AB9FF3B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Yandex.service

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1588-33-0x0000000000B20000-0x0000000000E44000-memory.dmp
    .exe windows:4 windows x86 arch:x86