Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
intelservice.exe
-
Size
348KB
-
Sample
231121-bepffabc34
-
MD5
2f890b7ca2e7b4b24bb534c28e54d7cf
-
SHA1
e8d9f966c18f10f1eff01478d41dabacd0300da5
-
SHA256
92dde00e5a5426b5a20e9e9e87ea29c66c6ab7cd467cbe9a90bf971f2d21a6a7
-
SHA512
666670b52d4113a4909cc27fb38b851c0066a74aa2bfe67bb906a0c1fffedffaf26bd8f4aa0371adea3c9e51917c1de27b3cde2ed05db56aad16f476a955f841
-
SSDEEP
6144:60qQ4i1FFiEKDvLJavf52ibVcbVKglEb0ouAYyj9jZV293DIa:rpliTVOf56WBYylc3DIa
Behavioral task
behavioral1
Sample
intelservice.exe
Resource
win7-20231020-en
Malware Config
Extracted
quasar
1.3.0.0
hackee
20.205.140.63:1024
QSR_MUTEX_5Tlo4RbwyDWBOOlMEb
-
encryption_key
zFGtr8G9lnuwN5OHbzbL
-
install_name
intelservice.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Intel CPU Service
-
subdirectory
intelcpu
Targets
-
-
Target
intelservice.exe
-
Size
348KB
-
MD5
2f890b7ca2e7b4b24bb534c28e54d7cf
-
SHA1
e8d9f966c18f10f1eff01478d41dabacd0300da5
-
SHA256
92dde00e5a5426b5a20e9e9e87ea29c66c6ab7cd467cbe9a90bf971f2d21a6a7
-
SHA512
666670b52d4113a4909cc27fb38b851c0066a74aa2bfe67bb906a0c1fffedffaf26bd8f4aa0371adea3c9e51917c1de27b3cde2ed05db56aad16f476a955f841
-
SSDEEP
6144:60qQ4i1FFiEKDvLJavf52ibVcbVKglEb0ouAYyj9jZV293DIa:rpliTVOf56WBYylc3DIa
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-