General

  • Target

    OperaSetup.exe

  • Size

    6.1MB

  • Sample

    230804-lje3nsad26

  • MD5

    0ce4fdaf85397833c486de4cee4bab26

  • SHA1

    a80b5273a340e0ebc95ce8e1a643f7fc0347153c

  • SHA256

    8281d71efcdc4a31140455be8ea5bfe040064cc2d2b68ef1722ed65ce9e937de

  • SHA512

    d05f607ffc2cf6876022fce6c09fbf6b70c17a46a57c6fc29bf06784d0b2aaee9c2f27dbcb0ecb096d4af7d724f9d8553008e112095a7b252d7a0334fc3d99ac

  • SSDEEP

    98304:BGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqCRHIs2iTa2UUePNlcF134zJM7ts4J6:B3NlqaubXgUCqCdjmMJJ

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Extracted

Family

quasar

Version

1.0

Botnet

Opera

C2

RomaPro28937723-49554.portmap.io:49554

Mutex

dbdeb9e2-1d62-453a-8c06-8a6bf4be3071

Attributes
  • encryption_key

    8A2A7B58F2803115FF796E733C7311493928333B

  • install_name

    launcher.exe

  • log_directory

    Opera Logs

  • reconnect_delay

    3000

  • startup_key

    Opera Launcher

  • subdirectory

    Opera Software
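The extracted configuration above is enough to hunt for this build on other hosts without the sample itself. The following added example (not tria.ge tooling or Quasar's own code) turns the config into host and network indicators and checks them against a handful of constructed artifacts: Run-key entries, mutex handles, a DNS query, a network connection and file paths. The C2 host is a portmap.io port-forwarding name, so the operator's real address is hidden behind that service; the example therefore matches on the hostname and port rather than on an IP. The parent folder of the install path is build-specific, so the install path is matched on its tail only; the location of the log directory is likewise treated as unknown and matched as a path component. All artifact strings, user names and the 203.0.113.10 address are constructed for the example.

```python
"""Derive hunting indicators from the Quasar config on this page and test them
against constructed host artifacts. Added example, not tria.ge or Quasar code."""
import re

# Values copied from the extracted config above.
QUASAR_CONFIG = {
    "c2": "RomaPro28937723-49554.portmap.io:49554",
    "mutex": "dbdeb9e2-1d62-453a-8c06-8a6bf4be3071",
    "install_name": "launcher.exe",
    "subdirectory": "Opera Software",
    "startup_key": "Opera Launcher",
    "log_directory": "Opera Logs",
    "reconnect_delay": 3000,
}


def indicators(cfg):
    """Normalise the config into lower-cased, comparable indicator values."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        # Parent folder (%APPDATA%, %TEMP%, ...) depends on the build, so only
        # the "<subdirectory>\<install_name>" tail of the path is matched.
        "install_tail": (cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        "run_value": cfg["startup_key"].lower(),
        "log_dir": cfg["log_directory"].lower(),
    }


def match_artifacts(artifacts, ind):
    """Return (artifact_kind, matched_indicator) for every artifact that hits."""
    hits = []
    for kind, value in artifacts:
        v = value.lower()
        parts = [p for p in re.split(r"[\\/]", v) if p]
        if kind == "mutex" and parts[-1] == ind["mutex"]:
            hits.append((kind, "mutex"))
        elif kind == "dns" and v.rstrip(".") == ind["c2_host"]:
            hits.append((kind, "c2_host"))
        elif kind == "netconn":
            # "src -> dst" form; only the destination port is comparable
            # because the portmap.io edge IP is not part of the config.
            dst = v.split("->")[-1].strip()
            if dst.endswith(":%d" % ind["c2_port"]):
                hits.append((kind, "c2_port"))
        elif kind == "run_key":
            name, _, target = v.partition("=")
            name_last = name.strip().rsplit("\\", 1)[-1]
            reasons = []
            if name_last == ind["run_value"]:
                reasons.append("startup_key")
            if target.strip().endswith(ind["install_tail"]):
                reasons.append("install_path")
            if reasons:
                hits.append((kind, "+".join(reasons)))
        elif kind == "file":
            if v.endswith(ind["install_tail"]):
                hits.append((kind, "install_path"))
            elif ind["log_dir"] in parts:
                hits.append((kind, "log_directory"))
    return hits


# Constructed artifacts: the first six should hit, the last two are benign noise.
SAMPLE_ARTIFACTS = [
    ("run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Opera Launcher = C:\Users\bob\AppData\Roaming\Opera Software\launcher.exe"),
    ("mutex", r"\Sessions\1\BaseNamedObjects\dbdeb9e2-1d62-453a-8c06-8a6bf4be3071"),
    ("dns", "romapro28937723-49554.portmap.io"),
    ("netconn", "10.0.0.5:51234 -> 203.0.113.10:49554"),
    ("file", r"C:\Users\bob\AppData\Roaming\Opera Software\launcher.exe"),
    ("file", r"C:\Users\bob\AppData\Roaming\Opera Logs\04-08-2023"),
    ("run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
    ("mutex", r"\Sessions\1\BaseNamedObjects\Local\Chrome_Mutex"),
]

if __name__ == "__main__":
    for hit in match_artifacts(SAMPLE_ARTIFACTS, indicators(QUASAR_CONFIG)):
        print(hit)
```

The destination-port match is deliberately reported separately: on its own it is a weak indicator, and it only becomes meaningful together with the hostname, mutex or Run-key hits.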

Targets

    • Target

      OperaSetup.exe


    • Quasar RAT

      Quasar is an open source Remote Access Tool written in C#.

    • Quasar payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and browsing history.

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified variant of it.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
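How the "UPX packed file" signature above can be reproduced from the PE section table, as an added example that is independent of tria.ge's own (undisclosed) signature logic: the parser below reads just enough of the PE format by hand (no pefile dependency) and combines three signs of UPX. Stock UPX names its sections UPX0/UPX1 and embeds a "UPX!" marker; a modified UPX usually renames the sections and strips the marker, but still leaves the first section with no raw data (it is the area the stub unpacks into) next to a high-entropy section holding the compressed image. The three sample images are constructed in-code with a minimal header layout, and the high-entropy data is generated deterministically from a SHA-256 chain so the example runs offline.

```python
"""Check a PE section table for signs of UPX packing.
Added example; not tria.ge's signature and not UPX project code."""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def parse_sections(data):
    """Return the section headers of a PE image as dicts.

    Layout: DOS header (e_lfanew at 0x3C) -> 'PE\\0\\0' -> 20-byte COFF header
    -> optional header (SizeOfOptionalHeader bytes) -> 40-byte section headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    nsections, opt_size = coff[1], coff[5]
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "raw": data[rawptr:rawptr + rawsize],
        })
    return sections


def entropy(blob):
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data):
    secs = parse_sections(data)
    return {
        "upx_names": any(s["name"] in UPX_SECTION_NAMES for s in secs),
        # UPX's first section has no raw bytes on disk: the stub unpacks into it.
        "empty_first_section": bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0,
        "upx_marker": b"UPX!" in data,
        "max_entropy": max((entropy(s["raw"]) for s in secs), default=0.0),
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    # Names or marker identify stock UPX; the structural test catches renamed
    # variants, gated on entropy because an empty first section alone is weak.
    return ind["upx_names"] or ind["upx_marker"] or (ind["empty_first_section"] and ind["max_entropy"] > 7.0)


def pseudo_random(n, seed=b"upx-demo"):
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for packed code."""
    out = b""
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


def build_pe(sections):
    """Constructed minimal PE: DOS stub, COFF header, no optional header, section table, raw data."""
    hdr_size = 0x40 + 4 + 20 + 40 * len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, body, ptr = b"", b"", hdr_size
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000,
                             len(raw), ptr if raw else 0, 0, 0, 0, 0, 0)
        body += raw
        ptr += len(raw)
    return dos + b"PE\0\0" + coff + table + body


# Constructed samples: stock UPX layout, a renamed/stripped variant, and a plain image.
PACKED_SAMPLE = build_pe([(b"UPX0", 0x8000, b""), (b"UPX1", 0x3000, pseudo_random(4096) + b"UPX!"), (b".rsrc", 0x200, b"\0" * 256)])
MODIFIED_SAMPLE = build_pe([(b".text", 0x8000, b""), (b".data", 0x3000, pseudo_random(4096))])
PLAIN_SAMPLE = build_pe([(b".text", 0x1000, b"\x55\x8b\xec" * 300), (b".data", 0x200, b"hello world\0" * 40)])

if __name__ == "__main__":
    for label, img in (("stock", PACKED_SAMPLE), ("modified", MODIFIED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, looks_upx_packed(img), upx_indicators(img))
```

High entropy alone is not specific to UPX (any compressor or encrypted payload produces it), which is why the structural test only fires when the empty first section is present as well; treat the result as a triage hint, not proof of a particular packer.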
