General

  • Target

    a3ba5a4b0207abd51259e63aafa16197_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240817-xjpsna1dke

  • MD5

    a3ba5a4b0207abd51259e63aafa16197

  • SHA1

    8a672955e55728a485361fad3b9ff4550437c9a5

  • SHA256

    6703200536ac1c58e784d238e2570dea87a0bba9fa37de7e3f35b06198ca7efa

  • SHA512

    b32e7f34c06a07f7cf3ac2a1c6cefa7b2aa5900eac155c40e4b843eb39ba7c8adc43caedf6a06c2a34b09f82962877af45480a371a376b951226c4d46cb9c46d

  • SSDEEP

    24576:D5Ihb6mCBx9g0rMVCxbOktU0/W+TR9/phbNumlNUFUaSH6JzqOiCl1UqlrZ4UF2:D5I0+0mCxSktR/W4/71MiCl1lF

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15