quasar | 95823524c56268909001597a81a398d5_JaffaCakes118 | Triage

Sharing

General

Target

95823524c56268909001597a81a398d5_JaffaCakes118
Size

531KB
MD5

95823524c56268909001597a81a398d5
SHA1

f732527a57d11a9dd57b4b093144c60ffa38a173
SHA256

b42d3f4823819c1b7119774c52f89e62bfb6fec506e3530e681cf0ce0bc5557d
SHA512

75cf3848026d3d1589115471b3bacd96a378c36cc6991c51f292590998a2ed4df58fe0a0139cb34d1d9722a18c5f14af52f7412f57c67275f73062da1747449f
SSDEEP

6144:stlrXYao3Rvn9dYQ0kQiwwVoab4UYJI+OWjE:OpXvQ0kQF96Y6+xg

Score

10^/10

usr quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

USR

C2

pv8stresser.xyz:45201

Mutex

yzyrfG0e0ojtGuJLLm

Attributes

encryption_key
0PxbjHekumnMpxMDOLOWYxcgvcGzNRtp
install_name
Client.exe
log_directory
Mozilla
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
95823524c56268909001597a81a398d5_JaffaCakes118

Files

95823524c56268909001597a81a398d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ