General
Target: 7f8c68dc83369e4da501359183e53a47_JaffaCakes118
Size: 564KB
Sample: 241030-rsa3zawqgr
MD5: 7f8c68dc83369e4da501359183e53a47
SHA1: 044502e7191827a44a580c7665d7a013141f2774
SHA256: 31515fe26432d74840a3aa9766db44364e2f9a06a1cd4669cd3ef9a6dbfb9e0d
SHA512: 3775b9c65e33ba017993b46c08662d36cf04d25fa051473e6c96a6a92f8550f2532da75f5cdda441ff36a64d75799e16e84cad281bd9cf801787428abd98e2ff
SSDEEP: 6144:l8wczx37qSmnAOSratYcoNlnR6p8xdrQRytGbuPc8p1r1Awywx5T4H0bMeo/s3O:l8wEp705q8Yc2lnuqFNhPrJV50Ue
Static task: static1
Behavioral task: behavioral1
Sample: 7f8c68dc83369e4da501359183e53a47_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: quasar
1.4.0
Office04w
societyf500.ddns.net:5490
f4264bdc-b486-4a30-a042-2bcfb907b3c7
encryption_key: 0204DFA093E27B72F1617CCEA6076BCCE5D0A482
install_name: dwmq.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: dwmq
subdirectory: explorer
Targets
Target: 7f8c68dc83369e4da501359183e53a47_JaffaCakes118
- Quasar family
- Quasar payload
- Adds Run key to start application
- Suspicious use of SetThreadContext