General
-
Target
1423a4be112f647fe95730150a842627_JaffaCakes118
-
Size
348KB
-
Sample
240504-x3wqbabc44
-
MD5
1423a4be112f647fe95730150a842627
-
SHA1
ad705962c70d6d74afc7f69051c809240c1dc7d3
-
SHA256
7655e16003aa8856e7585f5d4b76d39f9e56b784442c9523d9f0b7b9c85b714b
-
SHA512
0df8a840711259c5026d20c069e45a996aa92e821ac870d0ae66760617e31ce5feecbdf3b03a16f3945b13df1279c1902c9a46c498b0b235217e127e49157cb0
-
SSDEEP
6144:b+NHXf500MwDjCTHYr1b8i4YunbL/zMoXDme:6d50sjGoP4YunHAoXDme
Behavioral task
behavioral1
Sample
1423a4be112f647fe95730150a842627_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
quasar
1.3.0.0
Slave
134.209.192.40:4782
QSR_MUTEX_k8JOK9yrF6X0eZEc1V
-
encryption_key
Mx5vn03LCy6ul2fLffQw
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
1423a4be112f647fe95730150a842627_JaffaCakes118
-
Size
348KB
-
MD5
1423a4be112f647fe95730150a842627
-
SHA1
ad705962c70d6d74afc7f69051c809240c1dc7d3
-
SHA256
7655e16003aa8856e7585f5d4b76d39f9e56b784442c9523d9f0b7b9c85b714b
-
SHA512
0df8a840711259c5026d20c069e45a996aa92e821ac870d0ae66760617e31ce5feecbdf3b03a16f3945b13df1279c1902c9a46c498b0b235217e127e49157cb0
-
SSDEEP
6144:b+NHXf500MwDjCTHYr1b8i4YunbL/zMoXDme:6d50sjGoP4YunHAoXDme
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-