General

  • Target

    5060-1095-0x0000000000500000-0x0000000000824000-memory.dmp

  • Size

    3.1MB

  • Sample

    241101-egw5vawfph

  • MD5

    3f8c56db3743db21a880f48eaff3d65b

  • SHA1

    4d031c117dcce29d91435bf6b987597b4b838119

  • SHA256

    a4fa011a58ae0f459ebf4e17e7f9759cb207dac40fdc5418ed3b39b0a76a735f

  • SHA512

    f8a40c3d9fe9abd4f2ac0e5174615330110bdcd980982768dc3ed03adf3da6c3b3c20007b7469d96862274e19b140af2d671a7cddf10f3c68af1ccc178bb992f

  • SSDEEP

    49152:vvGvE2H5aweBHPbl6T/yGaqA6/Rd0B1JSsoGddTHHB72eh2NT:vv0E2H5aweBHPbl6T/DaqA6/Rd0t

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

panel.o7lab.me

C2

panel.o7lab.me:4782

service.o7lab.xyz:4782

underground-cheat.xyz:4782

service.o7lab.com.tr:4782

Mutex

84f88b7e-fbb8-40b1-829a-206ff17d9f29

Attributes
  • encryption_key

    9D5D5E73AB412A75009506F89BC73714AF89F744

  • install_name

    Client.exe

  • log_directory

    WinLog

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      5060-1095-0x0000000000500000-0x0000000000824000-memory.dmp

    • Size

      3.1MB

    Score
    1/10
