General
- Target: 5c59b700c7a1b43a2b8abfe9be0114d6_JaffaCakes118
- Size: 866KB
- Sample: 240719-rw9qpswbrj
- MD5: 5c59b700c7a1b43a2b8abfe9be0114d6
- SHA1: 38466b8599e1776fd34bc89462dd9d7842165698
- SHA256: 4be89ac76b9b5d45730a1c7fd1c23b9270c7e3f11e997608f13fe4ca7236bb95
- SHA512: 9284e40b93b9906c956dccd32cb5f00acef958ff889386dad95da53104bce926160aee8511058c9732d7d86728e8d4a23d96fcb0da7b781c25f85df5a7a1eced
- SSDEEP: 12288:tRZ+IoG/n9IQxW3OBse97Ium28XSeMIbI/+hl08NsZVsbbcd5e4JRRoEYmPxtovb:l2G/nvxW3WdZQ+Tm4W6HuERbum01t
Static task: static1
Behavioral task: behavioral1
- Sample: 5c59b700c7a1b43a2b8abfe9be0114d6_JaffaCakes118.exe
- Resource: win7-20240704-en
Malware Config
Extracted: quasar
- Version: 1.3.0.0
- Botnet: EMV
- C2: manoftheyear-58512.portmap.io:58512
- Mutex: QSR_MUTEX_OiWYJuvLVGz4wDjmfv
- encryption_key: 0oQZGEIAu1YEgqvO30Bu
- install_name: javaupdater.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: javaupdater
- subdirectory: SubDir
Targets
- Target: 5c59b700c7a1b43a2b8abfe9be0114d6_JaffaCakes118
- Size: 866KB
- Quasar payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.