General
-
Target
ab651b7337ce02089c9e2133361f9e80_JaffaCakes118
-
Size
15KB
-
Sample
240404-bcg9caad44
-
MD5
ab651b7337ce02089c9e2133361f9e80
-
SHA1
f8ab634a10232a636f6e8ecdfbd6db9cf3ae16cf
-
SHA256
c5d79445cfa6e7991d9a466a0e9d822fe27be596beb1f8ec65f7be60c14e1e40
-
SHA512
38615ba67ddf1c592d56c18179efd5ae82571793634728c04bbc6d53ca3cd73f46d192d8789a5f7d62be1500f15cc26c32cf2c61abc96f085eb3d061d9f35529
-
SSDEEP
192:M4j9WuGhsKHtuAJ6zJld4QUcUhdg4z90pcBXSbCvjKwATJzyE4krRMuUfWV8:MiEhsKNuA0JQxJRBrKpJzyE4kyTfu
Static task
static1
Behavioral task
behavioral1
Sample
ab651b7337ce02089c9e2133361f9e80_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.0.0
PS
206.123.129.13:5292
cZPMfz8wXVD6rdYTZy
-
encryption_key
0eHKVftsdU1Mp7eWj0ls
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
0
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
ab651b7337ce02089c9e2133361f9e80_JaffaCakes118
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-