General

Target: aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7.exe
Size: 1.0MB
Sample: 240312-djhjssgd92
MD5: e51e1e4a21fef3fd98784683d80b5a02
SHA1: 309790387ec94c189ef94803a87fab335159657a
SHA256: aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7
SHA512: 329922a8229f6e07f549e8919b4f6e1d60bf7d153b30487c8dde0116d8b31745f88d3f7bf20616d2a88276e8d2c24859e73440a03d4d2ecc08cd207678d84265
SSDEEP: 24576:A1QNv9uN9fFNd6AtvbGN/BCfKEPmxKVnRNWg:A1WluN9fZvbGyKFxg
Static task: static1

Behavioral task: behavioral1
Sample: aad9903b9803b9a3e2d6c7677d8eb80f537a3543e26725c48dde5e4c53d518b7.exe
Resource: win7-20240221-en
Malware Config

Extracted family: quasar
Version: 1.3.0.0
PVP2
C2: clausetestbits.chickenkiller.com:64598
C2: snoetestbits.ignorelist.com:64598
Mutex: QSR_MUTEX_ttz0i8tcYpqYyKkP3l
encryption_key: kxBjTYBAXsyGYsjsYZcL
install_name: mcr.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: mcs
subdirectory: mcr
Score: 10/10

Signatures:
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables containing common artifacts observed in infostealers
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext