Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    231127-le2e4sff79

  • MD5

    b29c8e703911c242f88f9f2d1be23121

  • SHA1

    8adc17f1e94eeb0d95d35825c91b788d70d28de1

  • SHA256

    4b4fb5711222878e343088374f7437bce99a5916d7e5c410b2763fde8d91ec63

  • SHA512

    4c37427e88f6f17344be909ebfbb33e053a0b999f28230a548f343dbf1081ec511701cf61101eef3c9e99400ab73759050b34a9e973eb8fabf892bb2a886a74f

  • SSDEEP

    49152:DvTlL26AaNeWgPhlmVqvMQ7XSKo9UksoG6STHHB72eh2NT:DvJL26AaNeWgPhlmVqkQ7XSKo9UL

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.7:5053

127.0.0.7:5054

Mutex

6f01cc79-8527-4436-a34a-473fcf92b46f

Attributes
  • encryption_key

    D52EA8296126E8DD7D221BC02E2826F1CAA96C78

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      b29c8e703911c242f88f9f2d1be23121

    • SHA1

      8adc17f1e94eeb0d95d35825c91b788d70d28de1

    • SHA256

      4b4fb5711222878e343088374f7437bce99a5916d7e5c410b2763fde8d91ec63

    • SHA512

      4c37427e88f6f17344be909ebfbb33e053a0b999f28230a548f343dbf1081ec511701cf61101eef3c9e99400ab73759050b34a9e973eb8fabf892bb2a886a74f

    • SSDEEP

      49152:DvTlL26AaNeWgPhlmVqvMQ7XSKo9UksoG6STHHB72eh2NT:DvJL26AaNeWgPhlmVqkQ7XSKo9UL

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks