General

  • Target

    1824-1095-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB (0x324000 = 3,293,184 bytes, which matches the 0x0000000000400000-0x0000000000724000 range encoded in the dump name)

  • MD5

    68624c921d6b6d4eee3bcedb71c23f69

  • SHA1

    21deb415cd228265bcb3dc77f0a7bd2edbd92bf9

  • SHA256

    5ea71716c28c739b7cb68cb26ac8ef2edc56ed4a551922d24bf4abbcdf4aef68

  • SHA512

    ab13b790363548d353d40e59b4d8670beefcbd7c48d789ed32e394a39729d2974ddb8adca7a21b4e9ed1c268c0f581f9ed85dfc7ecc650695b1a8072670c1410

  • SSDEEP

    49152:Ovdt62XlaSFNWPjljiFa2RoUYIaxcEf8ik/JaNoGdHTHHB72eh2NT:Ovf62XlaSFNWPjljiFXRoUYIaxqY

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CHING-CHONG

C2

goooooooool.com:1337

Mutex

771ac64-b9299-43dc-b9229-3a828da05

Attributes
  • encryption_key

    1FBC2542A1A2F356C726019FD7BD6FEA628A4E1A

  • install_name

    shellhost.exe

  • log_directory

    syslogs

  • reconnect_delay

    3333

  • startup_key

    ShellHost

  • subdirectory

    Code
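
The encryption_key listed above is not a network key: it is the master string from which a Quasar 1.4 client derives the AES and HMAC keys that protect its own embedded settings (C2, mutex, install name, startup key and so on), which is why a config extractor needs it before it can read the other fields. The script below is an added example, not part of this report or of the Quasar project. It assumes the scheme of the public Quasar 1.4 Aes256 class as I recall it: PBKDF2-HMAC-SHA1 over the encryption_key with a fixed 32-byte salt and 50,000 iterations, yielding a 32-byte AES-256-CBC key followed by a 64-byte HMAC-SHA256 key, with each stored string being Base64 of tag || IV || ciphertext. The salt bytes, that layout and the dependency on the `cryptography` package are assumptions to check against a real sample before trusting the output; since the report does not include raw ciphertext, the sample string is constructed by the script itself with the same scheme.

```python
"""Recover Quasar 1.4-style encrypted settings with the report's encryption_key.

Added example, not part of the sandbox report or the Quasar project. The
scheme is an assumption reproduced from the public Quasar 1.4 source:
  PBKDF2-HMAC-SHA1(encryption_key, SALT, 50000) -> 32-byte AES key || 64-byte HMAC key
  stored string = Base64( HMAC-SHA256(IV || ct) || IV || AES-256-CBC-PKCS7(plaintext) )
Key derivation and HMAC use the stdlib; AES comes from the 'cryptography' package.
"""
import base64
import hashlib
import hmac
import os

ENCRYPTION_KEY = "1FBC2542A1A2F356C726019FD7BD6FEA628A4E1A"  # from the report's config

# Fixed salt of the Quasar 1.4 Aes256 class (assumption: reproduced from memory of the source).
SALT = bytes([
    0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24, 0x30, 0xA5, 0x78, 0x43,
    0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
])
ITERATIONS = 50000
KEY_LEN, AUTH_LEN, IV_LEN, MAC_LEN = 32, 64, 16, 32


def derive_keys(master_key: str) -> tuple[bytes, bytes]:
    """Mirror Rfc2898DeriveBytes(masterKey, Salt, 50000).GetBytes(32) followed by GetBytes(64)."""
    stream = hashlib.pbkdf2_hmac("sha1", master_key.encode("utf-8"), SALT, ITERATIONS, KEY_LEN + AUTH_LEN)
    return stream[:KEY_LEN], stream[KEY_LEN:]


def wrap(iv: bytes, ct: bytes, auth_key: bytes) -> bytes:
    """Prefix IV || ct with its HMAC-SHA256 tag (the assumed stored layout)."""
    body = iv + ct
    return hmac.new(auth_key, body, hashlib.sha256).digest() + body


def verify_and_split(blob: bytes, auth_key: bytes) -> tuple[bytes, bytes]:
    """Check the tag before touching the ciphertext; return (iv, ct) or raise ValueError."""
    if len(blob) < MAC_LEN + IV_LEN + 16:
        raise ValueError("blob too short for tag || IV || one AES block")
    tag, body = blob[:MAC_LEN], blob[MAC_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch: wrong encryption_key or corrupted string")
    return body[:IV_LEN], body[IV_LEN:]


def decrypt(b64: str, master_key: str = ENCRYPTION_KEY) -> str:
    """Base64-decode, authenticate, then AES-256-CBC decrypt and strip PKCS7 padding."""
    from cryptography.hazmat.primitives import padding
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    aes_key, auth_key = derive_keys(master_key)
    iv, ct = verify_and_split(base64.b64decode(b64), auth_key)
    dec = Cipher(algorithms.AES(aes_key), modes.CBC(iv)).decryptor()
    padded = dec.update(ct) + dec.finalize()
    unpad = padding.PKCS7(128).unpadder()
    return (unpad.update(padded) + unpad.finalize()).decode("utf-8")


def encrypt(plaintext: str, master_key: str = ENCRYPTION_KEY) -> str:
    """Inverse of decrypt(); used only to build a test vector, since the report has no raw ciphertext."""
    from cryptography.hazmat.primitives import padding
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    aes_key, auth_key = derive_keys(master_key)
    pad = padding.PKCS7(128).padder()
    padded = pad.update(plaintext.encode("utf-8")) + pad.finalize()
    iv = os.urandom(IV_LEN)
    enc = Cipher(algorithms.AES(aes_key), modes.CBC(iv)).encryptor()
    ct = enc.update(padded) + enc.finalize()
    return base64.b64encode(wrap(iv, ct, auth_key)).decode("ascii")


if __name__ == "__main__":
    # Constructed stand-in for a Base64 field pulled from the binary's Settings class.
    sample = encrypt("goooooooool.com:1337")
    print(decrypt(sample))
```

The HMAC is checked before any decryption so a wrong key fails loudly instead of producing garbage; when pointing this at strings carved from a real Quasar binary, a mismatch on every field means either the salt or the key length assumption above differs for that build, not merely a bad key.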

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
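
The signatures above fire on the sample itself; the extracted configuration is what turns this report into hunting material for other hosts. The script below is an added example, not part of the report: it compiles boundary-aware patterns from the Quasar config above (C2 host and port, mutex, install file name, subdirectory, Run value name, log directory) and runs them over a handful of constructed log lines. The Sysmon-style key=value layout, the %APPDATA%\Roaming\Code install path and the HKCU Run key location in those lines are assumptions made for the sample data only. Port 1337 is scored as weak on its own, so an unrelated process connecting to that port does not alert by itself.

```python
"""Host and network hunting derived from the Quasar config in this report.

Added example (not part of the sandbox report). SAMPLE_LOGS is constructed for
illustration; its Sysmon-style key=value layout is an assumption of this example.
"""
import re

# Values copied from the Malware Config section of the report.
CONFIG = {
    "c2": "goooooooool.com:1337",
    "mutex": "771ac64-b9299-43dc-b9229-3a828da05",
    "install_name": "shellhost.exe",
    "startup_key": "ShellHost",
    "subdirectory": "Code",
    "log_directory": "syslogs",
}


def build_patterns(cfg):
    """Compile case-insensitive regexes keyed by indicator name.

    Boundaries are chosen so the Run value name 'ShellHost' does not fire on
    the dropped file 'shellhost.exe' and vice versa.
    """
    host, port = cfg["c2"].rsplit(":", 1)
    e = re.escape
    strong = {
        "c2_host": r"(?<![\w.-])" + e(host) + r"(?![\w-])",
        "mutex": r"(?<![\w-])" + e(cfg["mutex"]) + r"(?![\w-])",
        "install_name": r"(?<![\w.])" + e(cfg["install_name"]) + r"(?![\w.])",
        "install_path": r"\\" + e(cfg["subdirectory"]) + r"\\" + e(cfg["install_name"]) + r"(?![\w.])",
        "run_value": r"\\run\\" + e(cfg["startup_key"]) + r"(?![\w.])",
        "log_directory": r"\\" + e(cfg["log_directory"]) + r"\\",
    }
    # A bare port is too noisy to alert on by itself; it only adds weight to a strong hit.
    weak = {"c2_port": r"(?:destinationport=|:)" + e(port) + r"(?!\d)"}
    compile_all = lambda d: {k: re.compile(v, re.IGNORECASE) for k, v in d.items()}
    return compile_all(strong), compile_all(weak)


def classify(line, strong, weak):
    """Return (strong_tags, weak_tags) matched by one log line, each sorted."""
    s = sorted(k for k, rx in strong.items() if rx.search(line))
    w = sorted(k for k, rx in weak.items() if rx.search(line))
    return s, w


def hunt(lines, cfg=CONFIG):
    """Map line index -> strong tags followed by weak tags, for lines with at least one strong hit."""
    strong, weak = build_patterns(cfg)
    hits = {}
    for i, line in enumerate(lines):
        s, w = classify(line, strong, weak)
        if s:
            hits[i] = s + w
    return hits


# Constructed sample: Sysmon-style events (22 DNS query, 3 network connect,
# 13 registry set, 11 file create, 1 process create) plus one handle-listing line.
SAMPLE_LOGS = [
    r"EventID=22 Image=C:\Users\alice\AppData\Roaming\Code\shellhost.exe QueryName=goooooooool.com",
    r"EventID=3 Image=C:\Users\alice\AppData\Roaming\Code\shellhost.exe DestinationIp=203.0.113.5 DestinationPort=1337",
    r"EventID=13 TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ShellHost Details=C:\Users\alice\AppData\Roaming\Code\shellhost.exe",
    r"EventID=11 Image=C:\Users\alice\AppData\Roaming\Code\shellhost.exe TargetFilename=C:\Users\alice\AppData\Roaming\syslogs\2024-05-01",
    r"EventID=3 Image=C:\Program Files\Git\bin\git.exe DestinationIp=198.51.100.7 DestinationPort=1337",
    r"EventID=1 Image=C:\Windows\System32\svchost.exe CommandLine=svchost.exe -k netsvcs",
    r"handle 0x1c4 Mutant \BaseNamedObjects\771ac64-b9299-43dc-b9229-3a828da05",
]

if __name__ == "__main__":
    for idx, tags in hunt(SAMPLE_LOGS).items():
        print(f"line {idx}: {', '.join(tags)}")
```

Run as-is it reports lines 0 to 3 (the implant's DNS lookup, beacon, Run key and log write) and line 6 (the mutex seen in a handle listing), and stays silent on the git.exe connection to port 1337 and the svchost line. In a real SIEM the same tags map onto the native field names; the mutex value is the one to feed a Volatility handles scan or a live handle enumeration, since ordinary event logs never record it.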

Files

  • 1824-1095-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86
