Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
quasar.exe
-
Size
3.1MB
-
Sample
230705-s6dlpadf73
-
MD5
8b0270a1fe2e8b6d98bd29ce11d18f9c
-
SHA1
a64f7a329f2e741d6ce6a3dd3a66023e4885f8c7
-
SHA256
e3c05e377bb3d08792a47d2d04488df5048549e96939a7207c5ef14015d2c329
-
SHA512
52e7f3ace9b489729fa8a0434dd362f88e5af8ec34c36b8f40f05fa8fcbc8316ec1e578d8cc6ea2ae9a1e7c7b06ace205f354562988b4428f34066f17589d168
-
SSDEEP
49152:Xv9z92YpaQI6oPZlhP3ReybewoMdRJ6XbR3LoGdasTHHB72eh2NT:XvV92YpaQI6oPZlhP3YybewoMdRJ6pK
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.56.1:4782
93.35.198.71:4782
7.tcp.eu.ngrok.io:14313:25565
63eac64e-75b2-49ce-8a2e-3d1114815132
-
encryption_key
4C728E4D527117B7094ADC3922AFF7A3BF47EF70
-
install_name
WinSysUpdate.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
WinSysAnalisis
Targets
-
-
Target
quasar.exe
-
Size
3.1MB
-
MD5
8b0270a1fe2e8b6d98bd29ce11d18f9c
-
SHA1
a64f7a329f2e741d6ce6a3dd3a66023e4885f8c7
-
SHA256
e3c05e377bb3d08792a47d2d04488df5048549e96939a7207c5ef14015d2c329
-
SHA512
52e7f3ace9b489729fa8a0434dd362f88e5af8ec34c36b8f40f05fa8fcbc8316ec1e578d8cc6ea2ae9a1e7c7b06ace205f354562988b4428f34066f17589d168
-
SSDEEP
49152:Xv9z92YpaQI6oPZlhP3ReybewoMdRJ6XbR3LoGdasTHHB72eh2NT:XvV92YpaQI6oPZlhP3YybewoMdRJ6pK
-
Quasar payload
-
Executes dropped EXE
-