quasar | 4a0b10b59bd6d77ab17d3dc695b36a6364377b8e86e0d9dc200ea0335f7fbd7f | Triage

Sharing

General

Target

3168-1096-0x0000000000400000-0x0000000000724000-memory.dmp
Size

3.1MB
Sample

241118-t5an3szpdz
MD5

f9a99b027da7c75e5c0b636f6c65378b
SHA1

5b0aa8cb5c84310cb505316463a7dc9fc79abd16
SHA256

4a0b10b59bd6d77ab17d3dc695b36a6364377b8e86e0d9dc200ea0335f7fbd7f
SHA512

b900511803022277d24db847da5f6e6ec9df01069478e599f3f14a5649072a2be1a4f1e2c3e4b0fb313ce94f0f94a53a02bd419234baff4c8ec3bd519bf14815
SSDEEP

49152:3vLI22SsaNYfdPBldt698dBcjHLqRJ6HbR3LoGdSqTHHB72eh2NT:3v022SsaNYfdPBldt6+dBcjHLqRJ6Z

Score

10^/10

quasar man

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

man

C2

nwamama.ydns.eu:3791

Mutex

3302836a-f2f9-4646-981e-42b54ed610dd

Attributes

encryption_key
C058A6A166AF85C9027394334AA2BDC41A9B7D9C
install_name
windows update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Svchost
subdirectory
SubDir

Targets

- Target
  
  3168-1096-0x0000000000400000-0x0000000000724000-memory.dmp
- Size
  
  3.1MB
- MD5
  
  f9a99b027da7c75e5c0b636f6c65378b
- SHA1
  
  5b0aa8cb5c84310cb505316463a7dc9fc79abd16
- SHA256
  
  4a0b10b59bd6d77ab17d3dc695b36a6364377b8e86e0d9dc200ea0335f7fbd7f
- SHA512
  
  b900511803022277d24db847da5f6e6ec9df01069478e599f3f14a5649072a2be1a4f1e2c3e4b0fb313ce94f0f94a53a02bd419234baff4c8ec3bd519bf14815
- SSDEEP
  
  49152:3vLI22SsaNYfdPBldt698dBcjHLqRJ6HbR3LoGdSqTHHB72eh2NT:3v022SsaNYfdPBldt6+dBcjHLqRJ6Z
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2