General
-
Target
1720-66-0x0000000000400000-0x000000000045E000-memory.dmp
-
Size
376KB
-
MD5
fb0731dd581770e6f31d88b5a03242c3
-
SHA1
c2cb4815dbf4faf3dd8e4bc089758f4be7a13edd
-
SHA256
d52f05d6eaf83dc86a92eeb8e0d349d6fbadee51bf7baea787e492ab49affa40
-
SHA512
235dd8568f74655c58841a66327b38e1b375a3b52da8722a951e7459353cc2b007a496715e7ab4b7a3efd81a2fd595a8171f0536a386eef183474637f90071ce
-
SSDEEP
6144:4I6bPXhLApfpdtM7speRO/MDa0v6prsHUbXy3BbJjUeykFvM5lK:BmhApO7dWOEODFvM5lK
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
hwl
C2
camgreetgroop.sytes.net:64578
Mutex
QSR_MUTEX_uXyr2s0hu5oh27MrQH
Attributes
-
encryption_key
Ct5dpgJ3AraRRurwTjm8
-
install_name
cit.exe
-
log_directory
Logs
-
reconnect_delay
9000
-
startup_key
bte
-
subdirectory
rvi
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Files
-
1720-66-0x0000000000400000-0x000000000045E000-memory.dmp
Headers
Sections