General

  • Target

    5cb393129c64579c40c710393d5cf0b3_JaffaCakes118

  • Size

    349KB

  • MD5

    5cb393129c64579c40c710393d5cf0b3

  • SHA1

    ed055afba02e96d01846aea13dd33fa356c457e6

  • SHA256

    b53ae247bae6ac6ee53bf0c2a53ab4a98f3e0f26234e7a886a7e5db1d7ff2685

  • SHA512

    e306a5ddc0b60dc24853d888f1bacee7c359ac043cd3d8e36eb5a8e5caa457549585cf16050084689cb2018a420a082f9f68f4c1f8ddf894eaf1b6339152a826

  • SSDEEP

    6144:uK2J10qdSlEc39HGWQfSdwl/CKidLDLNbFTUIhO9Ivbi0Z:uKFD3wl6KidLDHQIQ9IDi0Z

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

DESKTOP

C2

192.168.0.4:4782

127.0.0.1:4782

78.236.157.250:25565

Mutex

QSR_MUTEX_1ghurBw7SYWm4hcoxp

Attributes
  • encryption_key

    q0AJ45H6UJPXERK0E6ML

  • install_name

    System Auto Update.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System Auto Update

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5cb393129c64579c40c710393d5cf0b3_JaffaCakes118
    Tags: .exe, windows:4, windows, x86, arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744