General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
231127-le2e4sff79
-
MD5
b29c8e703911c242f88f9f2d1be23121
-
SHA1
8adc17f1e94eeb0d95d35825c91b788d70d28de1
-
SHA256
4b4fb5711222878e343088374f7437bce99a5916d7e5c410b2763fde8d91ec63
-
SHA512
4c37427e88f6f17344be909ebfbb33e053a0b999f28230a548f343dbf1081ec511701cf61101eef3c9e99400ab73759050b34a9e973eb8fabf892bb2a886a74f
-
SSDEEP
49152:DvTlL26AaNeWgPhlmVqvMQ7XSKo9UksoG6STHHB72eh2NT:DvJL26AaNeWgPhlmVqkQ7XSKo9UL
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20231025-en
Malware Config
Extracted
quasar
1.4.1
Office04
127.0.0.7:5053
127.0.0.7:5054
6f01cc79-8527-4436-a34a-473fcf92b46f
-
encryption_key
D52EA8296126E8DD7D221BC02E2826F1CAA96C78
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Executes dropped EXE
-