General
-
Target
1308-12-0x0000000000400000-0x0000000000724000-memory.dmp
-
Size
3.1MB
-
MD5
8f60770123e76703d8e134877f81b9c6
-
SHA1
c6fc87d406b0855c656f01d68ef04eb9d4a16502
-
SHA256
d2d4bc681d439e1a496ba18052f4c336a2d380144dfbe9d84752d8024bc72afa
-
SHA512
f0e3bdbf52b52cdba4c57cc91979f8ef9af16f85af6c66408e2244e0439c02ccadff6ba257269fa0a987c86603f944aa438f7035c76de634a010bfb14f0cd9e6
-
SSDEEP
49152:rv7G42pda6D+/PjlLOlg6yQipVO3bjEPujk//qoGd/iTHHB72eh2NT:rvy42pda6D+/PjlLOlZyQipVO3bJv
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
CODE
C2
twart.myfirewall.org:9792
rency.ydns.eu:5287
wqo9.firewall-gateway.de:8841
Mutex
02351e291-5d041-4fa37-932c7-869aeiQec514992
Attributes
-
encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
-
install_name
workbook.exe
-
log_directory
Logs
-
reconnect_delay
6000
-
startup_key
workbook
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1308-12-0x0000000000400000-0x0000000000724000-memory.dmp
Headers
Sections