quasar | d2d4bc681d439e1a496ba18052f4c336a2d380144dfbe9d84752d8024bc72afa | Triage

Sharing

General

Target

1308-12-0x0000000000400000-0x0000000000724000-memory.dmp
Size

3.1MB
Sample

241112-k1jlraslgn
MD5

8f60770123e76703d8e134877f81b9c6
SHA1

c6fc87d406b0855c656f01d68ef04eb9d4a16502
SHA256

d2d4bc681d439e1a496ba18052f4c336a2d380144dfbe9d84752d8024bc72afa
SHA512

f0e3bdbf52b52cdba4c57cc91979f8ef9af16f85af6c66408e2244e0439c02ccadff6ba257269fa0a987c86603f944aa438f7035c76de634a010bfb14f0cd9e6
SSDEEP

49152:rv7G42pda6D+/PjlLOlg6yQipVO3bjEPujk//qoGd/iTHHB72eh2NT:rvy42pda6D+/PjlLOlZyQipVO3bJv

Score

10^/10

quasar code

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CODE

C2

twart.myfirewall.org:9792

rency.ydns.eu:5287

wqo9.firewall-gateway.de:8841

Mutex

02351e291-5d041-4fa37-932c7-869aeiQec514992

Attributes

encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
install_name
workbook.exe
log_directory
Logs
reconnect_delay
6000
startup_key
workbook
subdirectory
SubDir

Targets

- Target
  
  1308-12-0x0000000000400000-0x0000000000724000-memory.dmp
- Size
  
  3.1MB
- MD5
  
  8f60770123e76703d8e134877f81b9c6
- SHA1
  
  c6fc87d406b0855c656f01d68ef04eb9d4a16502
- SHA256
  
  d2d4bc681d439e1a496ba18052f4c336a2d380144dfbe9d84752d8024bc72afa
- SHA512
  
  f0e3bdbf52b52cdba4c57cc91979f8ef9af16f85af6c66408e2244e0439c02ccadff6ba257269fa0a987c86603f944aa438f7035c76de634a010bfb14f0cd9e6
- SSDEEP
  
  49152:rv7G42pda6D+/PjlLOlg6yQipVO3bjEPujk//qoGd/iTHHB72eh2NT:rvy42pda6D+/PjlLOlZyQipVO3bJv
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2