General
Target: 1e45289ae6c35927fd465a8dc4259709_JaffaCakes118
Size: 2.9MB
Sample: 240702-gy9hlstcqj
MD5: 1e45289ae6c35927fd465a8dc4259709
SHA1: 949cb73c2b7d22bf4098ca923b8721f868bf5542
SHA256: f0e2c81a913c45b22e544dae28407eb6634751700c200fc889a39dd422e42a28
SHA512: e0e6194df6817431c9e3e28ad38325c2b2c695e8ba22850ef46c77e5180efa3592690dac2838d988b7f8e91a651326b5b247ece0957df530f28c0998781b312e
SSDEEP: 49152:GNapUSKPQktseYQmOzkfO5/mFZfwjzBF/FCRGKPYufONsabCUHeze9/K:g4USK3igb5/mbwXfwGKGN3e69
Static task: static1
Behavioral task: behavioral1
Sample: 1e45289ae6c35927fd465a8dc4259709_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted
quasar
1.4.0
SMART2
vpnnid.hopto.org:4783
3480c736-2dc5-454c-9fb1-5a26a450ce30
encryption_key: C390E62881F25347C39CDE51024A9C687D49675F
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 1e45289ae6c35927fd465a8dc4259709_JaffaCakes118
- Quasar payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext