General
-
Target
0f916e2d5c15978bcd3ec243139c9a10_JaffaCakes118
-
Size
13KB
-
Sample
240328-zjq2tsgb31
-
MD5
0f916e2d5c15978bcd3ec243139c9a10
-
SHA1
8e19f68151e1b0c7f738a15731d99746e3fc7bfb
-
SHA256
aa558ca6d275da03c25907670fd9717e5979715d376b46051882fd27c153cefa
-
SHA512
e8e8cc9fb1a8455b5c0a83555710a28c4d72fef20af5f33f19aad98795df5998c3c4ad0fea1e0a460ba5c2409c23a18aa5401ffe429721d3367cdcaa3bb669c3
-
SSDEEP
192:ER94OF5nuel2MwZyKi4lKMNrlTbVgdIAIW1YMO4/YSwRLT4IEBc:097QelpTzA9BlGdIiO4/YSJIo
Static task
static1
Behavioral task
behavioral1
Sample
0f916e2d5c15978bcd3ec243139c9a10_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
quasar
1.4.0.0
PS
206.123.129.13:5292
cZPMfz8wXVD6rdYTZy
-
encryption_key
0eHKVftsdU1Mp7eWj0ls
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
0
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
0f916e2d5c15978bcd3ec243139c9a10_JaffaCakes118
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-