General

  • Target

    fe353fe43c1cca454ab7dec340de5fe5_JaffaCakes118

  • Size

    5.1MB

  • Sample

    240421-ctf82sge95

  • MD5

    fe353fe43c1cca454ab7dec340de5fe5

  • SHA1

    2bfff8303840f55aeb50be6411e414f7c62bec66

  • SHA256

    24520b47857fb9bf8e12eaee60ac2b7ba62373b2822e180e0b20f75fd2987cf6

  • SHA512

    c526803329604a4f774967abe1407e7991a77957de5b44ef8f5006d9255c2742c908baf87cc803948da535bbc30b200aedf3cf3e3cd6bd68a69ea0ff8665d57e

  • SSDEEP

    49152:3pjFYb8mFxMQg3Q3cX5C/wnvdAlPjcmYBBgcsbJ5zraFeQQsTt8TPoLFjPi617WM:3DY4mPPt5HG6PoJ3cWf+Tv5h

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

127.0.0.1:4782

Mutex

aecbbbe6-27df-44d1-ad77-4a664950cfb8

Attributes
  • encryption_key

    743062375D40E5AA28B42E34C8CE9A6D6F47E6DD

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

