General
- Target: bd4e7d3310c773c469168d5df28cf478_JaffaCakes118
- Size: 348KB
- Sample: 240619-t62h7ayckk
- MD5: bd4e7d3310c773c469168d5df28cf478
- SHA1: a6642d7936d60d4808c31ee7dba7211116dcfcff
- SHA256: d6ddf50bb4cca4910184dd2c17c38f94cae0e6a66f8b0d247731e16df1675492
- SHA512: a5359d30a81b41bf089ac2001f7e838b0b7dc2a38d5a90bf832a0d4ea317ae0dc30f57aaed8acdfdb82472459c6f2d8b6d9544d5fd4ddf57abc3376158c9c135
- SSDEEP: 6144:Sg6bPXhLApfpPnN9SqZRjqb5nryybInr88I4gpUxdNG:HmhApP9Sq7KJE88I4KUxjG
Behavioral task
behavioral1
- Sample: bd4e7d3310c773c469168d5df28cf478_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
yohavoc.duckdns.org:200
QSR_MUTEX_LjqAkGQit7iADYFldn
- encryption_key: EJc41BpGuBKTbMfcan1S
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Discord
- subdirectory: SubDir
Targets
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.