Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
27/04/2024, 11:25
240427-nje4saaa9x 10General
-
Target
CelexV2.exe
-
Size
3.4MB
-
Sample
240427-nje4saaa9x
-
MD5
086ecd8c32492885d5776efc72a551cc
-
SHA1
05c8a9ea60d0012f9c48d1e4c083a7dafb98b776
-
SHA256
26052a7cbba762383fc09fa567fbe0e4dae8c0f6cd8d1253b656f56cc68fc770
-
SHA512
facceff510b9a384471c2081126c64e4308ff1eb7b14db6974ce6c7d7fbde004e0d37b6d7eccb525c705249cba40fa1e32fb4be8ef04abaec18132917d589dc6
-
SSDEEP
49152:vvde821/aQWl8P0lSk3aKA3Z+nYYSr1JBboGdVTHHB72eh2NTcY2b:vvw821/aQWl8P0lSk3DA3Z+nYYSB3x
Malware Config
Extracted
quasar
1.4.1
Kami
ddqqswwzdzrr.3utilities.com:4782
9e9aa4ca-d696-4e54-9cbd-83e91918f73c
-
encryption_key
4586CDEAC9B29D84A4925415D110E19EDB8D0A8B
-
install_name
KamiRat.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
KamiRat (deactivate this or it will run a the computer startup)
-
subdirectory
Kami
Targets
-
-
Target
CelexV2.exe
-
Size
3.4MB
-
MD5
086ecd8c32492885d5776efc72a551cc
-
SHA1
05c8a9ea60d0012f9c48d1e4c083a7dafb98b776
-
SHA256
26052a7cbba762383fc09fa567fbe0e4dae8c0f6cd8d1253b656f56cc68fc770
-
SHA512
facceff510b9a384471c2081126c64e4308ff1eb7b14db6974ce6c7d7fbde004e0d37b6d7eccb525c705249cba40fa1e32fb4be8ef04abaec18132917d589dc6
-
SSDEEP
49152:vvde821/aQWl8P0lSk3aKA3Z+nYYSr1JBboGdVTHHB72eh2NTcY2b:vvw821/aQWl8P0lSk3DA3Z+nYYSB3x
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-