General

Target: 7eaab8f932552e65b391359fe88db237_JaffaCakes118
Size: 376KB
Sample: 240528-2nrv2afe6y
MD5: 7eaab8f932552e65b391359fe88db237
SHA1: 38e58600b962926d1cfa61429361d51fd58e014d
SHA256: c43f7f1986561c8c66d39dd44bf7cd78907d9c1413488b95e3bbfb3b040be4bd
SHA512: 2a6df2cb42da675c9c92657aba78eb9c31a910ed50a876593f6ddbd9bb147735157024d3d8585416fb2fbc575726acd3bd425a1367c0691f778690e81c020702
SSDEEP: 6144:6FmF1w9kS+yXKi365ArOkofENOFEYDDyj7REt8mVLZn9sUf7rUwMq9Qw+:JbuXt3EA4/DyPREt8ct37rhv
Static task: static1
Behavioral task: behavioral1
Sample: 7eaab8f932552e65b391359fe88db237_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config

Extracted family: quasar
Version: 1.3.0.0
Botnet / client name: Client_04
C2: vorphdns.ddns.net:4567
C2: dmmd.ddns.net:4567
Mutex: QSR_MUTEX_UT1r17dYXyTuwWVm2V
encryption_key: 6nW4MhpEja0m9ojOn8B6
install_name: AdobeUpdater.exe
log_directory: UpdateLogs
reconnect_delay: 3000
startup_key: AdobeUpdaterStartup
subdirectory: Adobe
Targets

Target: 7eaab8f932552e65b391359fe88db237_JaffaCakes118
Size: 376KB
MD5: 7eaab8f932552e65b391359fe88db237
SHA1: 38e58600b962926d1cfa61429361d51fd58e014d
SHA256: c43f7f1986561c8c66d39dd44bf7cd78907d9c1413488b95e3bbfb3b040be4bd
SHA512: 2a6df2cb42da675c9c92657aba78eb9c31a910ed50a876593f6ddbd9bb147735157024d3d8585416fb2fbc575726acd3bd425a1367c0691f778690e81c020702
SSDEEP: 6144:6FmF1w9kS+yXKi365ArOkofENOFEYDDyj7REt8mVLZn9sUf7rUwMq9Qw+:JbuXt3EA4/DyPREt8ct37rhv

Signatures
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext