Extracted

• • Target

    cb52f7cdf8f075d4cee664dd8182279f_JaffaCakes118

  • Size

    348KB

  • MD5

    cb52f7cdf8f075d4cee664dd8182279f

  • SHA1

    7410934fda7cf600da5a309a466b4e3d6f73a504

  • SHA256

    8b39d5495b5ad64cb4f0a35024485f0e757e25a2e5c0eee0a671c0d125f87ec6

  • SHA512

    4d61f8b558b31fce2fc225b1d7751cdf2b7d914fe7ef1a6a3ca6c223d93d13b43147f462b4b2b0b1c4c2e0e38787c3693d2c085a33febaf0ea3a10f113ad0744

  • SSDEEP

    3072:WZF9/SKX4/gIDdcD0+oS0JiIflpUvbNigdkJsnCr7qiafsPOy0krbNfh9v5UtfkF:WJ74/ghQS00WQvBEH3UybNvMkfl5

  Score

  10^/10

  quasarqsr2discoveryspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2