General
-
Target
c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047.exe
-
Size
9.0MB
-
Sample
240502-cjx4tagc27
-
MD5
4921d7a6d49401873cff200a4f3d990d
-
SHA1
3d008d53e798505b858ff48574f3080210c56e27
-
SHA256
c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047
-
SHA512
9bc506b0615f3e7ba18ed70c92bef4dff257aad5437f17670ba88d8aec1ce20b0b46f8c194918e2c0fa0fa0397ec0ef2f954801da09fbf211c8597936fc097c4
-
SSDEEP
98304:F6D7RBxsErIVyJTk8LJ5i4J/OCV4HEZFrp:QRw08yJIC5uuT
Static task
static1
Behavioral task
behavioral1
Sample
c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047.exe
Resource
win7-20231129-en
Malware Config
Extracted
quasar
1.4.1
Office04
93.123.85.108:4782
e14b8f59-979b-4ebf-8602-dd3c4d6c301e
-
encryption_key
534734397C0FA9A1D28F061AD75DF4100BFF5787
-
install_name
Msconfig.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047.exe
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables packed with SmartAssembly
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-