quasar | 70f5c0d595ac92051c354aa88de66239908229375a434ea409d527c896643edc | Triage

Sharing

General

Target

932-9-0x0000000000400000-0x000000000045E000-memory.dmp
Size

376KB
Sample

241209-kye6jsxnbm
MD5

8da519f0e2854c4d447f3663a6b13233
SHA1

35f5701e2f856b5bfafe0f51b42c6eedb32747fb
SHA256

70f5c0d595ac92051c354aa88de66239908229375a434ea409d527c896643edc
SHA512

ccd851c0e590fcd55905e32bb607984ea935d5d7085e461e6730431fafd05b2e09cab2f167de32e52d0f3482adbbecd79893aa9056dbb7f2d1638f92406f6b0d
SSDEEP

6144:PjEHwNHJslIGohkQOI2cMbyfldcQYbT+Jdq0Ja:bxpsl+RnldVYbiJdq4a

Score

10^/10

quasar office36

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office36

C2

94.156.64.6:7283

Mutex

QSR_MUTEX_jvYKL1Jk1Q2NTx58gc

Attributes

encryption_key
LlEGluc1XmCcZfEs8y6n
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  932-9-0x0000000000400000-0x000000000045E000-memory.dmp
- Size
  
  376KB
- MD5
  
  8da519f0e2854c4d447f3663a6b13233
- SHA1
  
  35f5701e2f856b5bfafe0f51b42c6eedb32747fb
- SHA256
  
  70f5c0d595ac92051c354aa88de66239908229375a434ea409d527c896643edc
- SHA512
  
  ccd851c0e590fcd55905e32bb607984ea935d5d7085e461e6730431fafd05b2e09cab2f167de32e52d0f3482adbbecd79893aa9056dbb7f2d1638f92406f6b0d
- SSDEEP
  
  6144:PjEHwNHJslIGohkQOI2cMbyfldcQYbT+Jdq0Ja:bxpsl+RnldVYbiJdq4a
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2