General
Target: 61898e94dc1c1523165de0049304e9fa_JaffaCakes118
Size: 15KB
Sample: 240331-3r3blsfh82
MD5: 61898e94dc1c1523165de0049304e9fa
SHA1: e9f386e636273f79451aee96e2f5e16af4968aa8
SHA256: a369040116a283533a51d42254cd5124bf50b51ff4b1c0501afd22f3a10b59cc
SHA512: dabf6ab8ac4bdedc27b463a870c6effcd5cdb423c951eb144fc68d45256d8c59c992ee6045eb8dba9c637411310184bd2e5b2788c89209e2bbe2669c3e40df41
SSDEEP: 192:1UUic4UtBR+1L5Lb/EyFmZCBoEH++IVTeKCGuKOvbomWthV9ftv2C+nCpUysPE4:YZUta1L5LbUVEH++BKllOvbo7U+j+E
Static task: static1
Behavioral task: behavioral1
Sample: 61898e94dc1c1523165de0049304e9fa_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.0.0
PS
206.123.129.13:5292
cZPMfz8wXVD6rdYTZy
encryption_key: 0eHKVftsdU1Mp7eWj0ls
install_name: Client.exe
log_directory: Logs
reconnect_delay: 0
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 61898e94dc1c1523165de0049304e9fa_JaffaCakes118
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-