quasar | 17f20483639742a6d31d57291a58215e42497fce905e6b1da83e5db2381e15e4 | Triage

Sharing

General

Target

8404-341-0x0000000000400000-0x000000000045E000-memory.dmp
Size

376KB
Sample

241227-cr2rzazjf1
MD5

ab75b0cf6d7cf65987a02b08bb8aa7f6
SHA1

cd72d92ba2fd11d05471fe4b2ceebbee1d5b0577
SHA256

17f20483639742a6d31d57291a58215e42497fce905e6b1da83e5db2381e15e4
SHA512

35c6536372a09fc329f203228834b42ca2dbd0c0a51e63e591bea5e3fddabdb58b64d1916a7406cdb3c5f0020f0bd6ae79f920bb94e2f9ccad8618bbd2a05cac
SSDEEP

6144:5zNHXf500MKo5DD45lvmbIz/xD87Rz9jkVBf54lW:dd509D0BR/xQ719jC5iW

Score

10^/10

quasar xnx

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Xnx

C2

89.105.219.152:4444

Mutex

QSR_MUTEX_mtUgT7P5LHeU78kv3K

Attributes

encryption_key
TmvEOmy8eWlkKOpyXYAk
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  8404-341-0x0000000000400000-0x000000000045E000-memory.dmp
- Size
  
  376KB
- MD5
  
  ab75b0cf6d7cf65987a02b08bb8aa7f6
- SHA1
  
  cd72d92ba2fd11d05471fe4b2ceebbee1d5b0577
- SHA256
  
  17f20483639742a6d31d57291a58215e42497fce905e6b1da83e5db2381e15e4
- SHA512
  
  35c6536372a09fc329f203228834b42ca2dbd0c0a51e63e591bea5e3fddabdb58b64d1916a7406cdb3c5f0020f0bd6ae79f920bb94e2f9ccad8618bbd2a05cac
- SSDEEP
  
  6144:5zNHXf500MKo5DD45lvmbIz/xD87Rz9jkVBf54lW:dd509D0BR/xQ719jC5iW
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2