Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1676-70-0x...ry.exe

windows7-x64

1676-70-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1676-70-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • Sample

    230510-mk5kdshc8z

  • MD5

    3194a43ba64d22f5fc7538464a00a3ac

  • SHA1

    22fed476aedeb205eb498277712d8a7d31f62ad4

  • SHA256

    f09da146c637dd01f05a2bd1d685a35612c549d1012c6c3e77c7cbf7320435d9

  • SHA512

    8d72db437aa98c91f05af6c88081e909a360b54e5ca9f5c282c8c1f3c0a995f397e17485022011885b85cff53b5307ddc6a340c5655093bc1a35755d132d24c5

  • SSDEEP

    49152:uvrlL26AaNeWgPhlmVqvMQ7XSKQCfC+5g+nBeULoGadTHHB72eh2NT:uvRL26AaNeWgPhlmVqkQ7XSK5C4

Score
10/10
quasarbsss

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

BSSS

C2

uzgrode.hopto.org:4782

54.39.249.59:4782
Mutex

5a6f93bb-12b6-4772-88e4-0bca0c63e32d

Attributes
  • encryption_key

    2D03D2AF3B6D05E5871555497FAF558A6487DF6A

  • install_name

    adobeno.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    WindowsNow Startup

  • subdirectory

    AdobeNow

Targets

    • Target

      1676-70-0x0000000000400000-0x0000000000724000-memory.dmp

    • Size

      3.1MB

    • MD5

      3194a43ba64d22f5fc7538464a00a3ac

    • SHA1

      22fed476aedeb205eb498277712d8a7d31f62ad4

    • SHA256

      f09da146c637dd01f05a2bd1d685a35612c549d1012c6c3e77c7cbf7320435d9

    • SHA512

      8d72db437aa98c91f05af6c88081e909a360b54e5ca9f5c282c8c1f3c0a995f397e17485022011885b85cff53b5307ddc6a340c5655093bc1a35755d132d24c5

    • SSDEEP

      49152:uvrlL26AaNeWgPhlmVqvMQ7XSKQCfC+5g+nBeULoGadTHHB72eh2NT:uvRL26AaNeWgPhlmVqkQ7XSK5C4

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks