General

  • Target

    3630b92ac5ed33de5eb53b563913bb02.bin

  • Size

    502KB

  • Sample

    230331-blws4agb28

  • MD5

    3630b92ac5ed33de5eb53b563913bb02

  • SHA1

    34828f9a66c2c9c0f0cf93419dc96a62bfea476b

  • SHA256

    17473731182bcea4cee088d78f802ea947926a5cbc8708b4ba31d7585ee8b19f

  • SHA512

    034d8e4509816f18f2f75996914d9ef179985a5d53e002b982e208030d2b60413faec917ad6ac1e02f609261d57bb88221c7840271ab64f3cc0b54e3c2b5501b

  • SSDEEP

    12288:dTEgdfYjbg+qBTaa4EywIGpYR1MIwcdD:+UwzgXywIGpYR6IwcdD

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office05

C2

needforrat.hopto.org:7771

Mutex

d70dba78-082d-4d62-9d71-b4a1c6961022

Attributes
  • encryption_key

    110272D9471BA005C613D451E07D98ABB8403AED

  • install_name

    Client1.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Defender

  • subdirectory

    SubDir

Targets
    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6