General
Target: 5cb393129c64579c40c710393d5cf0b3_JaffaCakes118
Size: 349KB
Sample: 240520-cvcbgsfh5s
MD5: 5cb393129c64579c40c710393d5cf0b3
SHA1: ed055afba02e96d01846aea13dd33fa356c457e6
SHA256: b53ae247bae6ac6ee53bf0c2a53ab4a98f3e0f26234e7a886a7e5db1d7ff2685
SHA512: e306a5ddc0b60dc24853d888f1bacee7c359ac043cd3d8e36eb5a8e5caa457549585cf16050084689cb2018a420a082f9f68f4c1f8ddf894eaf1b6339152a826
SSDEEP: 6144:uK2J10qdSlEc39HGWQfSdwl/CKidLDLNbFTUIhO9Ivbi0Z:uKFD3wl6KidLDHQIQ9IDi0Z
Behavioral task: behavioral1
Sample: 5cb393129c64579c40c710393d5cf0b3_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config (extracted)
Family: quasar
Version: 1.3.0.0
Tag: DESKTOP
C2: 192.168.0.4:4782
C2: 127.0.0.1:4782
C2: 78.236.157.250:25565
Mutex: QSR_MUTEX_1ghurBw7SYWm4hcoxp
encryption_key: q0AJ45H6UJPXERK0E6ML
install_name: System Auto Update.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: System Auto Update
subdirectory: SubDir
Targets
Signatures:
  Quasar payload
  Executes dropped EXE
  Loads dropped DLL
  Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.