Extracted

• • Target

    4e0a39ab057a9e884255df35dbf240ca_JaffaCakes118

  • Size

    711KB

  • MD5

    4e0a39ab057a9e884255df35dbf240ca

  • SHA1

    9f431640264b1cbf5d8a9666d33c868a1e6ebfd7

  • SHA256

    4a95103a4f893c6c17b66af8f872093b97d836f6277195e1c60339341da4f276

  • SHA512

    7963afa8b19329b53e2fb12751ea04cceba8f58401315b16f21b300c555f5a8c4473ec19aec694a7f32789fa243dc0f8edc3247463a6f3551bff99fe858069a4

  • SSDEEP

    12288:B8JsIitBttf+zZa7oPNr3JfjLxEwvmcmsq43reb+z3vt4snmMszSN:CaBJeK0r5hVvlRqEreq7WbY

  Score

  10^/10

  quasar1805spywaretrojanupx

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2