Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
53b736e0f18bb8d3026c5a0ff66843ed927120ec55e4a099c0b411214e6cbd88
-
Size
1.7MB
-
Sample
221123-17ffnshb24
-
MD5
27973761305381b8a1888fa5fba466c0
-
SHA1
8c3d7fcec5e2bf468edf04de4640e8b5b0cbb160
-
SHA256
53b736e0f18bb8d3026c5a0ff66843ed927120ec55e4a099c0b411214e6cbd88
-
SHA512
e38a991050d49668135466af5f885f0623614b13cfd26c20926fa7e164271de9a6ec60e9ac6022e07351f8d42aeb25be914e7de2887eeca24953c8c94f7d68de
-
SSDEEP
24576:PUxJIRCRoenYQb6VOJ8Kgn1beVuumyEU:
Static task
static1
Behavioral task
behavioral1
Sample
53b736e0f18bb8d3026c5a0ff66843ed927120ec55e4a099c0b411214e6cbd88.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
53b736e0f18bb8d3026c5a0ff66843ed927120ec55e4a099c0b411214e6cbd88.exe
Resource
win10-20220812-en
Malware Config
Extracted
quasar
1.4.0
Cio
162.19.131.197:4782
c5fdf017-8f44-47ea-a69e-0b82e4044ca7
-
encryption_key
59A92039F951E5069C9F50FD9F340E759713B058
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
53b736e0f18bb8d3026c5a0ff66843ed927120ec55e4a099c0b411214e6cbd88
-
Size
1.7MB
-
MD5
27973761305381b8a1888fa5fba466c0
-
SHA1
8c3d7fcec5e2bf468edf04de4640e8b5b0cbb160
-
SHA256
53b736e0f18bb8d3026c5a0ff66843ed927120ec55e4a099c0b411214e6cbd88
-
SHA512
e38a991050d49668135466af5f885f0623614b13cfd26c20926fa7e164271de9a6ec60e9ac6022e07351f8d42aeb25be914e7de2887eeca24953c8c94f7d68de
-
SSDEEP
24576:PUxJIRCRoenYQb6VOJ8Kgn1beVuumyEU:
Score10/10-
Quasar payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-