General
-
Target
5060-1095-0x0000000000500000-0x0000000000824000-memory.dmp
-
Size
3.1MB
-
Sample
241101-egw5vawfph
-
MD5
3f8c56db3743db21a880f48eaff3d65b
-
SHA1
4d031c117dcce29d91435bf6b987597b4b838119
-
SHA256
a4fa011a58ae0f459ebf4e17e7f9759cb207dac40fdc5418ed3b39b0a76a735f
-
SHA512
f8a40c3d9fe9abd4f2ac0e5174615330110bdcd980982768dc3ed03adf3da6c3b3c20007b7469d96862274e19b140af2d671a7cddf10f3c68af1ccc178bb992f
-
SSDEEP
49152:vvGvE2H5aweBHPbl6T/yGaqA6/Rd0B1JSsoGddTHHB72eh2NT:vv0E2H5aweBHPbl6T/DaqA6/Rd0t
Behavioral task
behavioral1
Sample
5060-1095-0x0000000000500000-0x0000000000824000-memory.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5060-1095-0x0000000000500000-0x0000000000824000-memory.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.4.1
panel.o7lab.me
panel.o7lab.me:4782
service.o7lab.xyz:4782
underground-cheat.xyz:4782
service.o7lab.com.tr:4782
84f88b7e-fbb8-40b1-829a-206ff17d9f29
-
encryption_key
9D5D5E73AB412A75009506F89BC73714AF89F744
-
install_name
Client.exe
-
log_directory
WinLog
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
5060-1095-0x0000000000500000-0x0000000000824000-memory.dmp
Score
1/10