quasar | d693594870274f56eeef6912051994dad805bb45857428e70d07a5a9eae230b4 | Triage

Sharing

General

Target

2468-6-0x0000000000400000-0x0000000000724000-memory.dmp
Size

3.1MB
Sample

250209-vjvykaxndt
MD5

db24225e77d3d4bc7b27b40a1d35c956
SHA1

cab9d2b743963b35ec96df2034bcdfb4a59dd2fa
SHA256

d693594870274f56eeef6912051994dad805bb45857428e70d07a5a9eae230b4
SHA512

078dbc9d4e72d6bfd2f9d4be3719e36188fa4f396f64bc4a9027b290ce75b14d80208d8c0cfefedeb966de85d3ba1845dc52d0cc26b6c847bd42df001f50c1ae
SSDEEP

49152:Lvyt62XlaSFNWPjljiFa2RoUYvZL3uiVwGdLRTHHB72eh2NT:Lva62XlaSFNWPjljiFXRoUYvZL3ue

Score

10^/10

quasar installs

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

installs

C2

uptimebot.kozow.com:1433

Mutex

e9dcc42b-891b-4ecf-8c28-a7f0902ea9f5

Attributes

encryption_key
BEAE5A044A95E05C2D32FE96BBDBA968D6356219
install_name
plesk.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Startup
subdirectory
Plesk

Targets

- Target
  
  2468-6-0x0000000000400000-0x0000000000724000-memory.dmp
- Size
  
  3.1MB
- MD5
  
  db24225e77d3d4bc7b27b40a1d35c956
- SHA1
  
  cab9d2b743963b35ec96df2034bcdfb4a59dd2fa
- SHA256
  
  d693594870274f56eeef6912051994dad805bb45857428e70d07a5a9eae230b4
- SHA512
  
  078dbc9d4e72d6bfd2f9d4be3719e36188fa4f396f64bc4a9027b290ce75b14d80208d8c0cfefedeb966de85d3ba1845dc52d0cc26b6c847bd42df001f50c1ae
- SSDEEP
  
  49152:Lvyt62XlaSFNWPjljiFa2RoUYvZL3uiVwGdLRTHHB72eh2NT:Lva62XlaSFNWPjljiFXRoUYvZL3ue
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2