General
-
Target
95823524c56268909001597a81a398d5_JaffaCakes118
-
Size
531KB
-
Sample
240604-twh9vscf8z
-
MD5
95823524c56268909001597a81a398d5
-
SHA1
f732527a57d11a9dd57b4b093144c60ffa38a173
-
SHA256
b42d3f4823819c1b7119774c52f89e62bfb6fec506e3530e681cf0ce0bc5557d
-
SHA512
75cf3848026d3d1589115471b3bacd96a378c36cc6991c51f292590998a2ed4df58fe0a0139cb34d1d9722a18c5f14af52f7412f57c67275f73062da1747449f
-
SSDEEP
6144:stlrXYao3Rvn9dYQ0kQiwwVoab4UYJI+OWjE:OpXvQ0kQF96Y6+xg
Behavioral task
behavioral1
Sample
95823524c56268909001597a81a398d5_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
quasar
1.3.0.0
USR
pv8stresser.xyz:45201
yzyrfG0e0ojtGuJLLm
-
encryption_key
0PxbjHekumnMpxMDOLOWYxcgvcGzNRtp
-
install_name
Client.exe
-
log_directory
Mozilla
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
95823524c56268909001597a81a398d5_JaffaCakes118
-
Size
531KB
-
MD5
95823524c56268909001597a81a398d5
-
SHA1
f732527a57d11a9dd57b4b093144c60ffa38a173
-
SHA256
b42d3f4823819c1b7119774c52f89e62bfb6fec506e3530e681cf0ce0bc5557d
-
SHA512
75cf3848026d3d1589115471b3bacd96a378c36cc6991c51f292590998a2ed4df58fe0a0139cb34d1d9722a18c5f14af52f7412f57c67275f73062da1747449f
-
SSDEEP
6144:stlrXYao3Rvn9dYQ0kQiwwVoab4UYJI+OWjE:OpXvQ0kQF96Y6+xg
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-