Behavioral task
behavioral1
Sample
95823524c56268909001597a81a398d5_JaffaCakes118.exe
Resource
win7-20240419-en
General
-
Target
95823524c56268909001597a81a398d5_JaffaCakes118
-
Size
531KB
-
MD5
95823524c56268909001597a81a398d5
-
SHA1
f732527a57d11a9dd57b4b093144c60ffa38a173
-
SHA256
b42d3f4823819c1b7119774c52f89e62bfb6fec506e3530e681cf0ce0bc5557d
-
SHA512
75cf3848026d3d1589115471b3bacd96a378c36cc6991c51f292590998a2ed4df58fe0a0139cb34d1d9722a18c5f14af52f7412f57c67275f73062da1747449f
-
SSDEEP
6144:stlrXYao3Rvn9dYQ0kQiwwVoab4UYJI+OWjE:OpXvQ0kQF96Y6+xg
Malware Config
Extracted
quasar
1.3.0.0
USR
pv8stresser.xyz:45201
yzyrfG0e0ojtGuJLLm
-
encryption_key
0PxbjHekumnMpxMDOLOWYxcgvcGzNRtp
-
install_name
Client.exe
-
log_directory
Mozilla
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 95823524c56268909001597a81a398d5_JaffaCakes118
Files
-
95823524c56268909001597a81a398d5_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 529KB - Virtual size: 529KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ