General
Target: ba09f284f6f8acb6400d6d8ccddd0993.bin
Size: 825KB
Sample: 230130-x6h9dsdg3x
MD5: 16920b502a14835c27f2c5fc897a53a4
SHA1: de4b686b13927b541bc7f358218420030ac69490
SHA256: 357f5843804874c6728b48ac3c2ce1fd4323a3bfa46c7acbf02eb2b9c2b5795d
SHA512: 5ca4b47645f1cd0abcc92b0b7e84a69280eddb2313232f8055479013acaa57e20a549a3f8ab075dcb7a9da86624d9e3a6aa5914644cb33036a0fdb0f17b7e17f
SSDEEP: 24576:U+ce/f0LBYw323fkwHlmp2ltVJwGfD+qbAaDUdIR7VI:U+nHkYwSkwHlmp2lxwaDqdn
Static task: static1
Behavioral task: behavioral1
Sample: 52d37ef5f414ea192c1512f8740e0bb53e2d85ca04f133468a5267b491cb2ce6.exe
Resource: win7-20220812-en
Malware Config
Extracted
quasar
1.3.0.0
owl2
dnuocc.com:64594
www.dnuocc.com:64594
dnuocc.com:64588
QSR_MUTEX_Xn0YDvYWygBKu6ydwL
encryption_key: 0LACiVsUHC0ln7Q0Y3SE
install_name: hvi.exe
log_directory: Logs
reconnect_delay: 5000
startup_key: htc
subdirectory: cji
Targets
Target: 52d37ef5f414ea192c1512f8740e0bb53e2d85ca04f133468a5267b491cb2ce6.exe
Size: 834KB
MD5: ba09f284f6f8acb6400d6d8ccddd0993
SHA1: 154fb9974cb4ca8afd2360ca2bf676993f43f2db
SHA256: 52d37ef5f414ea192c1512f8740e0bb53e2d85ca04f133468a5267b491cb2ce6
SHA512: 98bc6aae1b65997c5884f79114baa96f32c1a8e018403038cb3a2f1785d99b8feb892eaf41a1624968dbe63842ae0d98bd66e80de0d3aa17f9dcea01efe224e5
SSDEEP: 24576:2qO1lo4HqTEa+XMiZG7BAZJXKrAT35YnW/nuBvOfkMFEGmFz:H0cTEfpi+zXK8T35YiuBvOvhm
Quasar payload
Suspicious use of SetThreadContext