Overview

overview

10

Static

static

10

2124-29-0x...ry.exe

windows7-x64

2124-29-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2124-29-0x0000000000230000-0x00000000002B4000-memory.dmp

  • Size

    528KB

  • MD5

    47d257da4c37f1fc6297102824617353

  • SHA1

    8a9bab11122cfef33b18b189858e1c70cd1d8bb8

  • SHA256

    f5d342ca3ad958f996d5a2b83745bd0cc7c4a99ec31c2a1e47dc9402a9985652

  • SHA512

    96e9c6d1ed6e4388d1a5648ecead804f923a1d31dcda63c6107a4bd6d3ad8c29d6e7cdec62a508018b8d97197bd75a7e3c57e27e2217d5b622a2831709d13c5c

  • SSDEEP

    6144:4TEgdc0YNX7IxUpGREWve13+7LOUs6f6YMZlfdwcEysb8F92tw+gcTR35:4TEgdfYWxUkQ61yeC3gtLgcd5

Score
10/10
4drunquasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

4Drun

C2

185.148.3.216:4000

Mutex

c3557859-56ac-475e-b44d-e1b60c20d0d0

Attributes
  • encryption_key

    B000736BEBDF08FC1B6696200651882CF57E43E7

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    3dfx Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2124-29-0x0000000000230000-0x00000000002B4000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections