quasar | 47452e15c018fdacaf15b214ceddf8117469a8a296eb4dcc5713252c5e71ea32 | Triage

Sharing

General

Target

2592-1097-0x0000000000400000-0x0000000000724000-memory.dmp
Size

3.1MB
Sample

241107-d38kbsveqn
MD5

9964d192e7e03cc448b2644dff4b3678
SHA1

78f59279c7981bc743fcd6b21dddcdaa17583906
SHA256

47452e15c018fdacaf15b214ceddf8117469a8a296eb4dcc5713252c5e71ea32
SHA512

3068821fe7e3d1025cf251c93208752f00e290675b01e2ea5e2b328940a33e697ea11b7b32da4169222b446774368fcd659efaffff319861d03ed8de6f5e8f28
SSDEEP

49152:WvbI22SsaNYfdPBldt698dBcjHPcRJ6ibR3LoGdPLTHHB72eh2NT:Wvk22SsaNYfdPBldt6+dBcjHPcRJ6c/

Score

10^/10

quasar office04

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

162.230.48.189:4782

Mutex

b739d9d4-46e7-4623-b745-58f79e3de3da

Attributes

encryption_key
1101B928CCB2F89CEEC9E5352468A3EF026F77D5
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  2592-1097-0x0000000000400000-0x0000000000724000-memory.dmp
- Size
  
  3.1MB
- MD5
  
  9964d192e7e03cc448b2644dff4b3678
- SHA1
  
  78f59279c7981bc743fcd6b21dddcdaa17583906
- SHA256
  
  47452e15c018fdacaf15b214ceddf8117469a8a296eb4dcc5713252c5e71ea32
- SHA512
  
  3068821fe7e3d1025cf251c93208752f00e290675b01e2ea5e2b328940a33e697ea11b7b32da4169222b446774368fcd659efaffff319861d03ed8de6f5e8f28
- SSDEEP
  
  49152:WvbI22SsaNYfdPBldt698dBcjHPcRJ6ibR3LoGdPLTHHB72eh2NT:Wvk22SsaNYfdPBldt6+dBcjHPcRJ6c/
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2