General
-
Target
13ddb4c563aa5d65f2a9822d50e3b92f_JaffaCakes118
-
Size
358KB
-
Sample
240626-3dmc8szejd
-
MD5
13ddb4c563aa5d65f2a9822d50e3b92f
-
SHA1
2e1ccddf584175c3bd62ac8d0173fdb6ae73ea10
-
SHA256
29b58aa0ac40523e606e3a10258de337d2e76815b279402babc18e2bb410aab9
-
SHA512
ad7f92b70e64b04c3dde1b9519d88c237c62dd74d6929e17e968ce6a969449fd79caa1dca658294234759d17d9f5545ebf6fec87f5aa0c45b469c7fd27598f96
-
SSDEEP
6144:rJqQ4i1FFiEKhtpoidubrUX5v7N/Vyfs5uI:Fpli3poidD5jN/sfs5uI
Behavioral task
behavioral1
Sample
13ddb4c563aa5d65f2a9822d50e3b92f_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
almammory.hopto.org:1177
QSR_MUTEX_uvFpjg4C7Cxl60AUEGAUEGGMUTEOO
-
encryption_key
WVQm2WP2iovscPfuELDp
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
13ddb4c563aa5d65f2a9822d50e3b92f_JaffaCakes118
-
Size
358KB
-
MD5
13ddb4c563aa5d65f2a9822d50e3b92f
-
SHA1
2e1ccddf584175c3bd62ac8d0173fdb6ae73ea10
-
SHA256
29b58aa0ac40523e606e3a10258de337d2e76815b279402babc18e2bb410aab9
-
SHA512
ad7f92b70e64b04c3dde1b9519d88c237c62dd74d6929e17e968ce6a969449fd79caa1dca658294234759d17d9f5545ebf6fec87f5aa0c45b469c7fd27598f96
-
SSDEEP
6144:rJqQ4i1FFiEKhtpoidubrUX5v7N/Vyfs5uI:Fpli3poidD5jN/sfs5uI
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-