
General

  • Target: ba09f284f6f8acb6400d6d8ccddd0993.bin
  • Size: 825KB
  • Sample: 230130-x6h9dsdg3x
  • MD5: 16920b502a14835c27f2c5fc897a53a4
  • SHA1: de4b686b13927b541bc7f358218420030ac69490
  • SHA256: 357f5843804874c6728b48ac3c2ce1fd4323a3bfa46c7acbf02eb2b9c2b5795d
  • SHA512: 5ca4b47645f1cd0abcc92b0b7e84a69280eddb2313232f8055479013acaa57e20a549a3f8ab075dcb7a9da86624d9e3a6aa5914644cb33036a0fdb0f17b7e17f
  • SSDEEP: 24576:U+ce/f0LBYw323fkwHlmp2ltVJwGfD+qbAaDUdIR7VI:U+nHkYwSkwHlmp2lxwaDqdn

Malware Config

Extracted

  • Family: quasar
  • Version: 1.3.0.0
  • Botnet: owl2
  • C2:
    • dnuocc.com:64594
    • www.dnuocc.com:64594
    • dnuocc.com:64588
  • Mutex: QSR_MUTEX_Xn0YDvYWygBKu6ydwL
  • Attributes
    • encryption_key: 0LACiVsUHC0ln7Q0Y3SE
    • install_name: hvi.exe
    • log_directory: Logs
    • reconnect_delay: 5000
    • startup_key: htc
    • subdirectory: cji

Targets

  • Target: 52d37ef5f414ea192c1512f8740e0bb53e2d85ca04f133468a5267b491cb2ce6.exe
  • Size: 834KB
  • MD5: ba09f284f6f8acb6400d6d8ccddd0993
  • SHA1: 154fb9974cb4ca8afd2360ca2bf676993f43f2db
  • SHA256: 52d37ef5f414ea192c1512f8740e0bb53e2d85ca04f133468a5267b491cb2ce6
  • SHA512: 98bc6aae1b65997c5884f79114baa96f32c1a8e018403038cb3a2f1785d99b8feb892eaf41a1624968dbe63842ae0d98bd66e80de0d3aa17f9dcea01efe224e5
  • SSDEEP: 24576:2qO1lo4HqTEa+XMiZG7BAZJXKrAT35YnW/nuBvOfkMFEGmFz:H0cTEfpi+zXK8T35YiuBvOvhm

  • Quasar RAT
    Quasar is an open source Remote Access Tool.
  • Quasar payload
  • Suspicious use of SetThreadContext
