General
-
Target
fe353fe43c1cca454ab7dec340de5fe5_JaffaCakes118
-
Size
5.1MB
-
Sample
240421-ctf82sge95
-
MD5
fe353fe43c1cca454ab7dec340de5fe5
-
SHA1
2bfff8303840f55aeb50be6411e414f7c62bec66
-
SHA256
24520b47857fb9bf8e12eaee60ac2b7ba62373b2822e180e0b20f75fd2987cf6
-
SHA512
c526803329604a4f774967abe1407e7991a77957de5b44ef8f5006d9255c2742c908baf87cc803948da535bbc30b200aedf3cf3e3cd6bd68a69ea0ff8665d57e
-
SSDEEP
49152:3pjFYb8mFxMQg3Q3cX5C/wnvdAlPjcmYBBgcsbJ5zraFeQQsTt8TPoLFjPi617WM:3DY4mPPt5HG6PoJ3cWf+Tv5h
Static task
static1
Behavioral task
behavioral1
Sample
fe353fe43c1cca454ab7dec340de5fe5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fe353fe43c1cca454ab7dec340de5fe5_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
quasar
1.4.0
Office04
127.0.0.1:4782
aecbbbe6-27df-44d1-ad77-4a664950cfb8
-
encryption_key
743062375D40E5AA28B42E34C8CE9A6D6F47E6DD
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
fe353fe43c1cca454ab7dec340de5fe5_JaffaCakes118
-
Size
5.1MB
-
MD5
fe353fe43c1cca454ab7dec340de5fe5
-
SHA1
2bfff8303840f55aeb50be6411e414f7c62bec66
-
SHA256
24520b47857fb9bf8e12eaee60ac2b7ba62373b2822e180e0b20f75fd2987cf6
-
SHA512
c526803329604a4f774967abe1407e7991a77957de5b44ef8f5006d9255c2742c908baf87cc803948da535bbc30b200aedf3cf3e3cd6bd68a69ea0ff8665d57e
-
SSDEEP
49152:3pjFYb8mFxMQg3Q3cX5C/wnvdAlPjcmYBBgcsbJ5zraFeQQsTt8TPoLFjPi617WM:3DY4mPPt5HG6PoJ3cWf+Tv5h
Score10/10-
Quasar payload
-
Adds Run key to start application
-