General
-
Target
ffdaa7380de41365e6f885d5c1fefb89_JaffaCakes118
-
Size
348KB
-
Sample
240421-wn6fjagh5y
-
MD5
ffdaa7380de41365e6f885d5c1fefb89
-
SHA1
16eca6832828ee340052b50c0cfb6810e4157ce5
-
SHA256
fe920c2ba73fc82c4564e93fb39fd738aac91ffe5936d4e9bcfa3a14f9ef2863
-
SHA512
c9a3d05c9a7f6a9956b2a351023191640eefdd6f9bd997f3ecf13a7c76d6cd394ed285a5ed7be132a7eb58c2f0fc7d8cc95a141e9b777133e8529f8857b9c6da
-
SSDEEP
6144:Uh6bPXhLApfpwgnZOwMstZHbqRuvONBBtbinMucRXov+e5biNa:ImhAprU67TsVinTchov+e1iNa
Behavioral task
behavioral1
Sample
ffdaa7380de41365e6f885d5c1fefb89_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
136.244.94.164:3232
QSR_MUTEX_aK1Rny3zYk6USUVnES
-
encryption_key
jjeLpKAbWSF7kHDH5wVV
-
install_name
Client.exe
-
log_directory
asd
-
reconnect_delay
1
-
startup_key
pack
-
subdirectory
SubDir
Targets
-
-
Target
ffdaa7380de41365e6f885d5c1fefb89_JaffaCakes118
-
Size
348KB
-
MD5
ffdaa7380de41365e6f885d5c1fefb89
-
SHA1
16eca6832828ee340052b50c0cfb6810e4157ce5
-
SHA256
fe920c2ba73fc82c4564e93fb39fd738aac91ffe5936d4e9bcfa3a14f9ef2863
-
SHA512
c9a3d05c9a7f6a9956b2a351023191640eefdd6f9bd997f3ecf13a7c76d6cd394ed285a5ed7be132a7eb58c2f0fc7d8cc95a141e9b777133e8529f8857b9c6da
-
SSDEEP
6144:Uh6bPXhLApfpwgnZOwMstZHbqRuvONBBtbinMucRXov+e5biNa:ImhAprU67TsVinTchov+e1iNa
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-