quasar | 427958124c230a32a877abb0e8812cc3c0e35128218abf469f5d0f89e184761f | Triage

Sharing

General

Target

2976-14-0x0000000000400000-0x000000000045E000-memory.dmp
Size

376KB
Sample

241107-rvffgatgkn
MD5

05f6d2dba25560284c755c7f6af8157b
SHA1

cc281471906f809d39ef7301f616e7c8ecb98c53
SHA256

427958124c230a32a877abb0e8812cc3c0e35128218abf469f5d0f89e184761f
SHA512

39ee6adb8e4a4210f2859e3069f568da5209ef0042eef90f299d15bc6df0fd0c5f9ea1a2d024ff5ce19a5b4dd504d08db69fb0aec5bea840e5b88aee1202f42a
SSDEEP

3072:cDrt+8Hiefcu00MKpyDcsvMPjMPQ/okqeXyrbZxwjXEThkbLCghBSe7a1Ku/tD6b:cnNHXf500Mc8aCxw7rbmnJFzGlH

Score

10^/10

quasar nero burning discovery

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Nero Burning

C2

craftUP.giize.com:1981

Mutex

BBzSa82IRLs6ETOrGg

Attributes

encryption_key
3rtKM7Lqb1dyokF6xwWI
install_name
Client.exe
log_directory
VR
reconnect_delay
4000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  2976-14-0x0000000000400000-0x000000000045E000-memory.dmp
- Size
  
  376KB
- MD5
  
  05f6d2dba25560284c755c7f6af8157b
- SHA1
  
  cc281471906f809d39ef7301f616e7c8ecb98c53
- SHA256
  
  427958124c230a32a877abb0e8812cc3c0e35128218abf469f5d0f89e184761f
- SHA512
  
  39ee6adb8e4a4210f2859e3069f568da5209ef0042eef90f299d15bc6df0fd0c5f9ea1a2d024ff5ce19a5b4dd504d08db69fb0aec5bea840e5b88aee1202f42a
- SSDEEP
  
  3072:cDrt+8Hiefcu00MKpyDcsvMPjMPQ/okqeXyrbZxwjXEThkbLCghBSe7a1Ku/tD6b:cnNHXf500Mc8aCxw7rbmnJFzGlH
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

nero burningquasar

behavioral1

behavioral2