General

  • Target

    f6e823b524475856389186a96e73c5f4_JaffaCakes118

  • Size

    502KB

  • MD5

    f6e823b524475856389186a96e73c5f4

  • SHA1

    34317dc8fce6b791a651d93291cc3c3c1b30be46

  • SHA256

    06b8611aa629c1420172d4d6450c25f8f2def28fcf0aed3ca60a19ecde12d5ca

  • SHA512

    cecb0fc0e967563bc00ea4b6edb2c9b47711a7bc2a1cb22276edd4e9817e61acec5bcfeecad11501592b901ac6c51924921adb113c752e4fcf1015f0c901fb4c

  • SSDEEP

    6144:tTEgdc0YpXAGbgiIN2RSBuOCKuaLhT9d1cEatb8F9BcsofcTR3O:tTEgdfYlbgyOVd1KSjVAcdO

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Client 1

C2

10.0.0.123:4782

Mutex

9aa03ca8-28f3-491f-8091-9b1f6faa7e82

Attributes
  • encryption_key

    8190CE5DCEE4860F09BCE46FB4AD82F1E9A20681

  • install_name

    AppleSpoofer.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    windows setup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • f6e823b524475856389186a96e73c5f4_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

