General

  • Target

    0cda1f22df6bfc457fe6652fd3a76882_JaffaCakes118

  • Size

    414KB

  • MD5

    0cda1f22df6bfc457fe6652fd3a76882

  • SHA1

    7d8bea8697ad2be680c95e7f8c49ecf12004b276

  • SHA256

    32126d18cf602367a0b96792ac06c7a4a217e572b6c51339028dabfdd2adc698

  • SHA512

    0433bb211ce002de39564306e24723e8fbe992bce62f6859f384e59dca7a864bb5df683f8ab1b0dd250def621477cae7b3e7de6a11a5b60245bf643293af7775

  • SSDEEP

    6144:H46bPXhLApfp7KhECjvu6sictj/b2db6QtBYlXzzC2ABrwOhN9v58RQAF:YmhApVKhECbu6sXte7ofFABEOI

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Зинитка

C2

5.100.89.199:4782

Mutex

QSR_MUTEX_EEMnSjlibhXM5IPU7O

Attributes
  • encryption_key

    eYyDHGpS7hjYDZFxJ4ql

  • install_name

    GamesV3.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    SystemStarting

  • subdirectory

    Games

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0cda1f22df6bfc457fe6652fd3a76882_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

