General

Target: 6f0e102a9b5a459f182e5b0501ab2315_JaffaCakes118
Size: 844KB
Sample: 240524-tdy8csbf26
MD5: 6f0e102a9b5a459f182e5b0501ab2315
SHA1: f121b12f1ee6d672ff1a44eb88fe4669ff8f308c
SHA256: 8860dd0f1793f1585f0862dad7c6c1aad2f6f20352620ffbd85acbec37274e65
SHA512: 773fae77ebf65ae8c44cfd122047c693b2da95af5456a4e9f72bbc85e17fabc37200e96fc793c30dee871048769501fe9b01bbf4b338a515cc5fd526316c5047
SSDEEP: 24576:aSW6SIhZbWsv+6szFB8hxe9KXGIY2rT9UmViIGS/SJOqLc9:a9aMfHD9KXd7rTWC/MOqLc9

Static task: static1
Behavioral task: behavioral1
Sample: 6f0e102a9b5a459f182e5b0501ab2315_JaffaCakes118.exe
Resource: win7-20240419-en

Malware Config

Extracted

Family: quasar
Version: 1.3.0.0
Botnet: qua2
C2: 79.134.225.77:1973
Mutex: QSR_MUTEX_rVn0OUE8f1tzJgSd1f

encryption_key: lOSR71Cu22ACEpzOi042
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir

Targets

Target: 6f0e102a9b5a459f182e5b0501ab2315_JaffaCakes118
Size: 844KB
MD5: 6f0e102a9b5a459f182e5b0501ab2315
SHA1: f121b12f1ee6d672ff1a44eb88fe4669ff8f308c
SHA256: 8860dd0f1793f1585f0862dad7c6c1aad2f6f20352620ffbd85acbec37274e65
SHA512: 773fae77ebf65ae8c44cfd122047c693b2da95af5456a4e9f72bbc85e17fabc37200e96fc793c30dee871048769501fe9b01bbf4b338a515cc5fd526316c5047
SSDEEP: 24576:aSW6SIhZbWsv+6szFB8hxe9KXGIY2rT9UmViIGS/SJOqLc9:a9aMfHD9KXd7rTWC/MOqLc9

Signatures

- Quasar payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext