Overview
Task (platform): score
overview: 10
static: 10
MMLo7.Rat.rar (windows7-x64): 7
MMLo7.Rat.rar (windows10-1703-x64): 7
MMLo7.Rat.rar (windows10-2004-x64): 10
MMLo7 Rat.exe (windows7-x64): 1
MMLo7 Rat.exe (windows10-1703-x64): 5
MMLo7 Rat.exe (windows10-2004-x64): 10
turingmachine.exe (windows7-x64): 1
turingmachine.exe (windows10-1703-x64): 5
turingmachine.exe (windows10-2004-x64): 10
General
-
Target
MMLo7.Rat.rar
-
Size
5.7MB
-
Sample
230822-maabhadb7v
-
MD5
4747547f047d47bd37bc0d1b65625694
-
SHA1
827e3f9ca857ed95ef8185c80e5fa85fdffa28e4
-
SHA256
091833fb986ac8a78a9a33ae7852d2b02d510348bdcb915d4e2e51a6de27f64a
-
SHA512
3336de360626d125c4777d626a0790c69faf209c642d99d085cd72f92b9e5ba93aca9f9c92d81cb1e3b2ee21f6ff12cf9c6fe6ecbe9554ad846fa1cd74874241
-
SSDEEP
98304:HtkSjvhd8cMOBhzp1svAJFF5N7nicdRaDzmLW/nJHksov7iUsPIUDjvEQnQLligi:HtBjJd8vazEQFPN7tAeaBLNUsPIUvMUL
Behavioral tasks
behavioral1: sample MMLo7.Rat.rar, resource win7-20230712-en
behavioral2: sample MMLo7.Rat.rar, resource win10-20230703-en
behavioral3: sample MMLo7.Rat.rar, resource win10v2004-20230703-en
behavioral4: sample MMLo7 Rat.exe, resource win7-20230712-en
behavioral5: sample MMLo7 Rat.exe, resource win10-20230703-en
behavioral6: sample MMLo7 Rat.exe, resource win10v2004-20230703-en
behavioral7: sample turingmachine.exe, resource win7-20230712-en
behavioral8: sample turingmachine.exe, resource win10-20230703-en
Malware Config
Extracted
quasar
reconnect_delay: 5000
Extracted
xworm
install_file: USB.exe
Extracted
quasar
1.3.3.7
Office04
127.0.0.1:305
QSR_MUTEX_2Q0xuNOWuzstz1nIHm
encryption_key: yXJmgz868tgJWmotirHr
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
-
-
Target
MMLo7.Rat.rar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Target
MMLo7 Rat.exe
-
Size
2.8MB
-
MD5
2dc24c81438806bd03b492b9a3f3c55c
-
SHA1
1b62f6d53570d7cd3c8d04e6ea7e349b5de5cc89
-
SHA256
3edd74d68dd78681ed9eae3973ee2fb878c60e6e24dfa313ea2b4547008b1149
-
SHA512
f03ef03ffd926c35a6c88be065a8b6174af323a9fc633fc8d0c1ee55bf8b2eb5ef824d9c9feda21104dd10ff7f0d8d0660e9d4ba0cd8a932dd5d8e342f023ce1
-
SSDEEP
49152:cTtjEoXzJndn324ktdDyXqimfg9vdsIvQBLjEWdK/EEj8iG/MRmJ:stnXzJ12lDyXJMsvGs8Ljc7oRR
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Target
turingmachine.exe
-
Size
286KB
-
MD5
c81a9adf64819041ac1435fab28004e3
-
SHA1
a126d54caabbdd6456ac1ddd57a4ead629f4f287
-
SHA256
5a1c7a22a6fbe36701b53b49a134ad37ab6194030753824a1bef260862902ac8
-
SHA512
3ec5bc46bd46a06271905614adde9e60dd30d2315eb700d36852c6d2e1207a6218d007a7eb9ef2f0134eae53b1a04305be61e314e0ca426e132e8660e0bdcf58
-
SSDEEP
6144:lGz3mOwb5nxTfSUkAxzi1jZtV6GUvUwibiCcefPgMJjaTbMFfCNB53C:2YxrOKHibiCce3jaU6B53C
- Quasar payload