Behavioral task: behavioral1
Sample: 5cb393129c64579c40c710393d5cf0b3_JaffaCakes118.exe
Resource: win7-20240215-en
General

Target: 5cb393129c64579c40c710393d5cf0b3_JaffaCakes118
Size: 349KB
MD5: 5cb393129c64579c40c710393d5cf0b3
SHA1: ed055afba02e96d01846aea13dd33fa356c457e6
SHA256: b53ae247bae6ac6ee53bf0c2a53ab4a98f3e0f26234e7a886a7e5db1d7ff2685
SHA512: e306a5ddc0b60dc24853d888f1bacee7c359ac043cd3d8e36eb5a8e5caa457549585cf16050084689cb2018a420a082f9f68f4c1f8ddf894eaf1b6339152a826
SSDEEP: 6144:uK2J10qdSlEc39HGWQfSdwl/CKidLDLNbFTUIhO9Ivbi0Z:uKFD3wl6KidLDHQIQ9IDi0Z
Malware Config

Extracted
Family: quasar
Version: 1.3.0.0
Botnet (tag): DESKTOP
C2: 192.168.0.4:4782
C2: 127.0.0.1:4782
C2: 78.236.157.250:25565
Mutex: QSR_MUTEX_1ghurBw7SYWm4hcoxp
Attributes:
encryption_key: q0AJ45H6UJPXERK0E6ML
install_name: System Auto Update.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: System Auto Update
subdirectory: SubDir
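The extracted config above is directly usable for hunting, with one caveat: two of the three C2 entries (192.168.0.4 and 127.0.0.1) are non-routable addresses, typical of a builder default or the operator's own lab, and alerting on them would fire on ordinary traffic in any network. The script below is an added example written for this page, not part of the sandbox report or the Quasar project. It filters the host list down to routable endpoints and then runs the remaining IoCs (C2 endpoint, mutex, startup value name, install path tail) over a few constructed telemetry records in a hypothetical pipe-delimited format. Two assumptions are labelled in the code: the startup_key is matched as a value under a Run key, and the install path is matched only by its SubDir\System Auto Update.exe tail because the report does not say which root directory the client installs under.

```python
"""Hunt constructed host/network telemetry for the IoCs in the extracted
Quasar config. Added example, not part of the sandbox report."""
import ipaddress
from typing import Iterable

# Copied from the extracted config in the report above.
QUASAR_CONFIG = {
    "hosts": ["192.168.0.4:4782", "127.0.0.1:4782", "78.236.157.250:25565"],
    "mutex": "QSR_MUTEX_1ghurBw7SYWm4hcoxp",
    "install_name": "System Auto Update.exe",
    "subdirectory": "SubDir",
    "startup_key": "System Auto Update",
}


def routable_c2(hosts: Iterable[str]) -> list[tuple[str, int]]:
    """Drop loopback, RFC 1918 and link-local entries from a Quasar host list.

    Builder defaults (127.0.0.1) and lab addresses are common in these lists;
    matching on them would flag normal traffic inside any network."""
    keep = []
    for entry in hosts:
        host, _, port = entry.rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:           # a hostname: cannot classify, keep it
            keep.append((host, int(port)))
            continue
        if addr.is_loopback or addr.is_private or addr.is_link_local:
            continue
        keep.append((host, int(port)))
    return keep


def parse_event(line: str) -> dict:
    """'Kind|k=v|k=v' -> dict. Hypothetical telemetry format for this example."""
    kind, *fields = line.split("|")
    event = {"event": kind}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def hunt(lines: Iterable[str], config: dict = QUASAR_CONFIG) -> list[tuple[str, str]]:
    """Return (reason, line) for every event that matches a config IoC."""
    c2 = set(routable_c2(config["hosts"]))
    # Assumption: match only the tail of the install path. The report gives the
    # subdirectory and file name, not the root the client installs under.
    install_suffix = ("\\" + config["subdirectory"] + "\\" + config["install_name"]).lower()
    hits = []
    for line in lines:
        ev = parse_event(line)
        kind = ev["event"]
        if kind == "NetworkConnect":
            if (ev.get("dst"), int(ev.get("dport", 0))) in c2:
                hits.append(("c2_connection", line))
        elif kind == "MutexCreate":
            if ev.get("name") == config["mutex"]:
                hits.append(("quasar_mutex", line))
        elif kind == "RegistrySet":
            # Assumption: startup_key is written as a value name under a
            # ...\CurrentVersion\Run key (HKCU or HKLM).
            if (ev.get("key", "").lower().endswith("\\currentversion\\run")
                    and ev.get("value") == config["startup_key"]):
                hits.append(("run_key_persistence", line))
        elif kind == "FileCreate":
            if ev.get("path", "").lower().endswith(install_suffix):
                hits.append(("install_path", line))
    return hits


# Constructed telemetry for the example; not taken from the sandbox run.
SAMPLE_EVENTS = [
    "NetworkConnect|image=C:\\Users\\bob\\AppData\\Roaming\\SubDir\\System Auto Update.exe|dst=78.236.157.250|dport=25565",
    "NetworkConnect|image=C:\\Program Files\\Vendor\\agent.exe|dst=127.0.0.1|dport=4782",
    "MutexCreate|image=C:\\Users\\bob\\AppData\\Roaming\\SubDir\\System Auto Update.exe|name=QSR_MUTEX_1ghurBw7SYWm4hcoxp",
    "MutexCreate|image=C:\\Windows\\explorer.exe|name=Local\\BenignAppMutex",
    "RegistrySet|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|value=System Auto Update|data=C:\\Users\\bob\\AppData\\Roaming\\SubDir\\System Auto Update.exe",
    "FileCreate|path=C:\\Users\\bob\\AppData\\Roaming\\SubDir\\System Auto Update.exe",
    "FileCreate|path=C:\\Users\\bob\\Downloads\\invoice.pdf",
]

if __name__ == "__main__":
    for reason, line in hunt(SAMPLE_EVENTS):
        print(f"{reason:22} {line}")
```

The loopback connection on port 4782 in the sample telemetry is deliberately not flagged: the port alone is not specific enough, and the address was filtered out of the C2 set. The mutex and the startup value name are the strongest host-side indicators here because both are fixed at build time and survive a change of C2.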
Signatures

Quasar family

Quasar payload (1 IoC)
resource | yara_rule
sample | family_quasar

Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource
5cb393129c64579c40c710393d5cf0b3_JaffaCakes118
Files

5cb393129c64579c40c710393d5cf0b3_JaffaCakes118.exe
windows:4 windows x86 arch:x86
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (the imphash shared by every .NET executable whose only native import is mscoree!_CorExeMain; it does not identify this sample)

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports
mscoree
_CorExeMain (the managed entry-point stub: the file is a .NET assembly, its real code is CIL inside .text, and the native import table says nothing about its behaviour)

Sections
.text  Size: 346KB  Virtual size: 345KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc  Size: 2KB  Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc  Size: 512B  Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
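The header fields listed above (DLL characteristics, file characteristics, the .NET entry stub, the missing Authenticode signature) can all be read straight from the PE optional header without a PE library. The script below is an added example written for this page, not part of the report or of any project: a stdlib-only parser that decodes the two characteristics bitmasks, checks the CLR runtime header directory (index 14) to confirm the file is managed, and checks the certificate table directory (index 4) the way the "Unsigned PE" signature does. The sample header it runs on is constructed inline with the flag values shown in the report; it is not the real file, and the section table is omitted because the parser does not read it. Note the Authenticode check only tests for the presence of a certificate table, not the validity of a signature.

```python
"""Decode PE header fields shown in sandbox reports from raw bytes (stdlib only).
Added example; the header bytes are constructed, not the real sample."""
import struct

# Bit names from winnt.h.
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DIR_SECURITY, DIR_CLR = 4, 14   # IMAGE_DIRECTORY_ENTRY_SECURITY / _COM_DESCRIPTOR


def _flags(value: int, table: dict) -> list[str]:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_header(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt + opt_size > len(data):
        raise ValueError("optional header runs past end of file")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:          # PE32: NumberOfRvaAndSizes at 92, directories at 96
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:        # PE32+: 8-byte stack/heap fields shift them by 16
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dll_characteristics,) = struct.unpack_from("<H", data, opt + 70)
    (nrva,) = struct.unpack_from("<I", data, opt + nrva_off)

    def directory(index: int) -> tuple[int, int]:
        # A directory beyond NumberOfRvaAndSizes or the header itself is absent.
        if index >= nrva or dirs_off + 8 * (index + 1) > opt_size:
            return 0, 0
        return struct.unpack_from("<II", data, opt + dirs_off + 8 * index)

    clr_rva, _ = directory(DIR_CLR)
    _, cert_size = directory(DIR_SECURITY)
    return {
        "machine": machine,
        "sections": nsections,
        "pe32plus": magic == 0x20B,
        "file_characteristics": _flags(characteristics, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_characteristics, DLL_CHARACTERISTICS),
        "is_dotnet": clr_rva != 0,            # CLR runtime header present
        "has_authenticode": cert_size != 0,   # certificate table present (not validated)
    }


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the flag values the report lists.
    Machine 0x14C (x86), 3 sections, CLR header present, no certificate table."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)                                   # PE32 header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x0400 | 0x8000)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * DIR_CLR, 0x2008, 0x48)   # hypothetical CLR header RVA/size
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key}: {value}")
```

On the real file the same parser would report is_dotnet true, has_authenticode false, and the four DLL characteristics above; the .reloc section with a 12-byte virtual size is the single fixup for the _CorExeMain jump stub and is normal for a managed executable.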