General

  • Target

    3168-1096-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    f9a99b027da7c75e5c0b636f6c65378b

  • SHA1

    5b0aa8cb5c84310cb505316463a7dc9fc79abd16

  • SHA256

    4a0b10b59bd6d77ab17d3dc695b36a6364377b8e86e0d9dc200ea0335f7fbd7f

  • SHA512

    b900511803022277d24db847da5f6e6ec9df01069478e599f3f14a5649072a2be1a4f1e2c3e4b0fb313ce94f0f94a53a02bd419234baff4c8ec3bd519bf14815

  • SSDEEP

    49152:3vLI22SsaNYfdPBldt698dBcjHLqRJ6HbR3LoGdSqTHHB72eh2NT:3v022SsaNYfdPBldt6+dBcjHLqRJ6Z

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    man

  • C2

    nwamama.ydns.eu:3791

  • Mutex

    3302836a-f2f9-4646-981e-42b54ed610dd

Attributes
  • encryption_key

    C058A6A166AF85C9027394334AA2BDC41A9B7D9C

  • install_name

    windows update.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Svchost

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3168-1096-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86
