General
-
Target
216-159-0x0000000000400000-0x000000000045E000-memory.dmp
-
Size
376KB
-
MD5
615aa65cc2fba7add3340ca7cbe7d1e6
-
SHA1
efe7950af0bac4e3ff207ab64adf0249bb127684
-
SHA256
2e87b99d219b7aca44d98ef87499a6d8a6637a56c79af3b238efd67ec181ac27
-
SHA512
2a15f010c2bc2a243b745c702e3909aba09efff348607bdd909d59a29528a29b592982f79c30ec59e0d9a8ca47008d21fc78fbb88ea9de0dc9bd4f8abef5f49e
-
SSDEEP
6144:hp+zrEsiN1Pb7Rm1z97boE2KkImfreH+5fBKS4L4B:XxsiNHk94EjArRJZ4MB
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
HBop
C2
2.59.255.71:64594
kolptyubeatcam.sytes.net:64594
fronpeatcam.publicvm.com:64595
Mutex
QSR_MUTEX_Qpkeji0piuuAuuwlUS
Attributes
-
encryption_key
PMmQsy93Lu14wpJlqzMs
-
install_name
cres.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
odm
-
subdirectory
oilk
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
216-159-0x0000000000400000-0x000000000045E000-memory.dmp
Headers
Sections