General
Target: 3630b92ac5ed33de5eb53b563913bb02.bin
Size: 502KB
Sample: 230331-blws4agb28
MD5: 3630b92ac5ed33de5eb53b563913bb02
SHA1: 34828f9a66c2c9c0f0cf93419dc96a62bfea476b
SHA256: 17473731182bcea4cee088d78f802ea947926a5cbc8708b4ba31d7585ee8b19f
SHA512: 034d8e4509816f18f2f75996914d9ef179985a5d53e002b982e208030d2b60413faec917ad6ac1e02f609261d57bb88221c7840271ab64f3cc0b54e3c2b5501b
SSDEEP: 12288:dTEgdfYjbg+qBTaa4EywIGpYR1MIwcdD:+UwzgXywIGpYR6IwcdD
Behavioral task
behavioral1
Sample: 3630b92ac5ed33de5eb53b563913bb02.exe
Resource: win7-20230220-en
Malware Config
Extracted
quasar
1.4.0
Office05
needforrat.hopto.org:7771
d70dba78-082d-4d62-9d71-b4a1c6961022
encryption_key: 110272D9471BA005C613D451E07D98ABB8403AED
install_name: Client1.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Defender
subdirectory: SubDir
Targets
-
-
Target
3630b92ac5ed33de5eb53b563913bb02.bin
-
Quasar payload
-
Executes dropped EXE
-