Overview

overview

10

Static

static

3

4c2035a049...18.exe

windows7-x64

10

4c2035a049...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c2035a0494f1e280a9383677f2501fd_JaffaCakes118.exe

  • Size

    6.3MB

  • MD5

    4c2035a0494f1e280a9383677f2501fd

  • SHA1

    ce190f82c9bdf2652906cafba1a6727e276fd540

  • SHA256

    036ccf870c0c626dfab5ff245db67b961d6669af26c3694992b56271a4e979ea

  • SHA512

    39206b5b9c00ce04bd1e710f0af7f76f4c522d019f55f7c32c62f9973ec12123fd7dd03897e6de3ed925519dcd263f4981ed7d34ee01304642440fbe2a7e0108

  • SSDEEP

    98304:awAwD+xPQPHGGHtWUolKiTQSLQ+NIv9xEDginRBnyecCkyzyNjk:awBAPoHtBoFTQSLQ9VxyyecCLz7

Score
10/10
quasarsyscmdspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

SyScmd

C2

91.211.251.108:4782

Mutex

QSR_MUTEX_qwefagr3235weasfefwwef

Attributes
  • encryption_key

    nWKoI3fOkpyNHoDWEE4y

  • install_name

    Update.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    syswow

  • subdirectory

    Microsoft\Windows\Update

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c2035a0494f1e280a9383677f2501fd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4c2035a0494f1e280a9383677f2501fd_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1736-5-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-6-0x0000000077650000-0x0000000077651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1736-7-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1736-9-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-11-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-10-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-12-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-8-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-13-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-17-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-16-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-23-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-18-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-14-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-24-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-25-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-40-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-44-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-46-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-52-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-42-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-50-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-48-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-55-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-53-0x0000000074BF0000-0x0000000074C3A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1736-57-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-56-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-68-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-70-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-66-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-78-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-77-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-76-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-75-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-74-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-73-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-72-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1736-71-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-69-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-65-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-64-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-63-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-62-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-61-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-60-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-59-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-58-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-89-0x0000000000400000-0x0000000000754000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-99-0x0000000000C80000-0x0000000000FCA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1736-100-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download