quasar | f5d342ca3ad958f996d5a2b83745bd0cc7c4a99ec31c2a1e47dc9402a9985652 | Triage

Sharing

General

Target

2124-29-0x0000000000230000-0x00000000002B4000-memory.dmp
Size

528KB
Sample

241227-p8jzpsvqdv
MD5

47d257da4c37f1fc6297102824617353
SHA1

8a9bab11122cfef33b18b189858e1c70cd1d8bb8
SHA256

f5d342ca3ad958f996d5a2b83745bd0cc7c4a99ec31c2a1e47dc9402a9985652
SHA512

96e9c6d1ed6e4388d1a5648ecead804f923a1d31dcda63c6107a4bd6d3ad8c29d6e7cdec62a508018b8d97197bd75a7e3c57e27e2217d5b622a2831709d13c5c
SSDEEP

6144:4TEgdc0YNX7IxUpGREWve13+7LOUs6f6YMZlfdwcEysb8F92tw+gcTR35:4TEgdfYWxUkQ61yeC3gtLgcd5

Score

10^/10

quasar 4drun

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

4Drun

C2

185.148.3.216:4000

Mutex

c3557859-56ac-475e-b44d-e1b60c20d0d0

Attributes

encryption_key
B000736BEBDF08FC1B6696200651882CF57E43E7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
3dfx Startup
subdirectory
SubDir

Targets

- Target
  
  2124-29-0x0000000000230000-0x00000000002B4000-memory.dmp
- Size
  
  528KB
- MD5
  
  47d257da4c37f1fc6297102824617353
- SHA1
  
  8a9bab11122cfef33b18b189858e1c70cd1d8bb8
- SHA256
  
  f5d342ca3ad958f996d5a2b83745bd0cc7c4a99ec31c2a1e47dc9402a9985652
- SHA512
  
  96e9c6d1ed6e4388d1a5648ecead804f923a1d31dcda63c6107a4bd6d3ad8c29d6e7cdec62a508018b8d97197bd75a7e3c57e27e2217d5b622a2831709d13c5c
- SSDEEP
  
  6144:4TEgdc0YNX7IxUpGREWve13+7LOUs6f6YMZlfdwcEysb8F92tw+gcTR35:4TEgdfYWxUkQ61yeC3gtLgcd5
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2