General

  • Target: 1824-1095-0x0000000000400000-0x0000000000724000-memory.dmp
  • Size: 3.1MB
  • Sample: 241106-tg2gwstara
  • MD5: 68624c921d6b6d4eee3bcedb71c23f69
  • SHA1: 21deb415cd228265bcb3dc77f0a7bd2edbd92bf9
  • SHA256: 5ea71716c28c739b7cb68cb26ac8ef2edc56ed4a551922d24bf4abbcdf4aef68
  • SHA512: ab13b790363548d353d40e59b4d8670beefcbd7c48d789ed32e394a39729d2974ddb8adca7a21b4e9ed1c268c0f581f9ed85dfc7ecc650695b1a8072670c1410
  • SSDEEP: 49152:Ovdt62XlaSFNWPjljiFa2RoUYIaxcEf8ik/JaNoGdHTHHB72eh2NT:Ovf62XlaSFNWPjljiFXRoUYIaxqY

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: CHING-CHONG
  • C2: goooooooool.com:1337
  • Mutex: 771ac64-b9299-43dc-b9229-3a828da05

Attributes

  • encryption_key: 1FBC2542A1A2F356C726019FD7BD6FEA628A4E1A
  • install_name: shellhost.exe
  • log_directory: syslogs
  • reconnect_delay: 3333
  • startup_key: ShellHost
  • subdirectory: Code

Targets

  • Target: 1824-1095-0x0000000000400000-0x0000000000724000-memory.dmp
  • Size: 3.1MB
  • MD5: 68624c921d6b6d4eee3bcedb71c23f69
  • SHA1: 21deb415cd228265bcb3dc77f0a7bd2edbd92bf9
  • SHA256: 5ea71716c28c739b7cb68cb26ac8ef2edc56ed4a551922d24bf4abbcdf4aef68
  • SHA512: ab13b790363548d353d40e59b4d8670beefcbd7c48d789ed32e394a39729d2974ddb8adca7a21b4e9ed1c268c0f581f9ed85dfc7ecc650695b1a8072670c1410
  • SSDEEP: 49152:Ovdt62XlaSFNWPjljiFa2RoUYIaxcEf8ik/JaNoGdHTHHB72eh2NT:Ovf62XlaSFNWPjljiFXRoUYIaxqY

  Score: 1/10
