Overview

overview

10

Static

static

3

4f4c6c4cb9...18.exe

windows7-x64

10

4f4c6c4cb9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f4c6c4cb9109512a00499b5bc9c0ad6_JaffaCakes118

  • Size

    504KB

  • Sample

    240517-k41dnsbc66

  • MD5

    4f4c6c4cb9109512a00499b5bc9c0ad6

  • SHA1

    6883af9089c4d757933118bbefb638d746f2d61e

  • SHA256

    a4b157dbab29a77fbbf70ce88ef45b8a4f96c89cfe56cecc0d11d1b10d874609

  • SHA512

    56f61a8f7883853c42ef0ec565c9b426c5c122610f39f3bae0ba54062c6f86a00d8dd2151d91574c87546b9a293aebb403c872a12a6cda6ad08736325cf7dcfe

  • SSDEEP

    12288:v3/WV0K6JGoiD3zHiWaR7OFNP0E2PzpqX1nb:26JGoiD3zCfCFBZ2PzEX1nb

Score
10/10
quasarspywaretrojan

Malware Config

Targets

    • Target

      4f4c6c4cb9109512a00499b5bc9c0ad6_JaffaCakes118

    • Size

      504KB

    • MD5

      4f4c6c4cb9109512a00499b5bc9c0ad6

    • SHA1

      6883af9089c4d757933118bbefb638d746f2d61e

    • SHA256

      a4b157dbab29a77fbbf70ce88ef45b8a4f96c89cfe56cecc0d11d1b10d874609

    • SHA512

      56f61a8f7883853c42ef0ec565c9b426c5c122610f39f3bae0ba54062c6f86a00d8dd2151d91574c87546b9a293aebb403c872a12a6cda6ad08736325cf7dcfe

    • SSDEEP

      12288:v3/WV0K6JGoiD3zHiWaR7OFNP0E2PzpqX1nb:26JGoiD3zCfCFBZ2PzEX1nb

    Score
    10/10
    quasarspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks