General
Target: fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118
Size: 3.9MB
Sample: 240420-j8as5scd52
MD5: fc5416311f5e64294d3033abef2ae5d7
SHA1: d57361cdd2e1e5cd9c1ab64ba6fa20e977dc3efe
SHA256: defe3d66f022bc223894b56b30aa6075f1341b700d256ab795f95088bae1f7c1
SHA512: c0b41a9630ab63d802d2949fb8e0e2865da62d69bda880dbee3fd31368009f787ffac6b4d5edff5422d0ab66d0040221309447af1d87d4bff1bc0e6da70bb0ee
SSDEEP: 98304:3CFNQ00DlHJb9fhTkmYpYNuSZTKA0t9FFPEC8HOolPsliHLhg3arcO8GkfhUcZtI:3CFNQ00DlHJb9fhTkmY6bk9fchHOolPv
Behavioral task: behavioral1
Sample: fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
quasar
2.6.0.0
Venom Client
127.0.0.1:4782
192.168.1.154:4782
u1Cabu0SD85QXhFG45
encryption_key: PhBvMV17IAAI7PAlZTmm
install_name: Venom.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Venom Client Startup
Targets
Target: fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118
Score: 10/10
Quasar payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.