Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047.exe

  • Size

    9.0MB

  • Sample

    240502-cjx4tagc27

  • MD5

    4921d7a6d49401873cff200a4f3d990d

  • SHA1

    3d008d53e798505b858ff48574f3080210c56e27

  • SHA256

    c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047

  • SHA512

    9bc506b0615f3e7ba18ed70c92bef4dff257aad5437f17670ba88d8aec1ce20b0b46f8c194918e2c0fa0fa0397ec0ef2f954801da09fbf211c8597936fc097c4

  • SSDEEP

    98304:F6D7RBxsErIVyJTk8LJ5i4J/OCV4HEZFrp:QRw08yJIC5uuT

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

93.123.85.108:4782

Mutex

e14b8f59-979b-4ebf-8602-dd3c4d6c301e

Attributes
  • encryption_key

    534734397C0FA9A1D28F061AD75DF4100BFF5787

  • install_name

    Msconfig.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047.exe

    • Size

      9.0MB

    • MD5

      4921d7a6d49401873cff200a4f3d990d

    • SHA1

      3d008d53e798505b858ff48574f3080210c56e27

    • SHA256

      c9d37a723484c763c7c25000eb11c7bb9cda571a8c2b7886f4610af6cd473047

    • SHA512

      9bc506b0615f3e7ba18ed70c92bef4dff257aad5437f17670ba88d8aec1ce20b0b46f8c194918e2c0fa0fa0397ec0ef2f954801da09fbf211c8597936fc097c4

    • SSDEEP

      98304:F6D7RBxsErIVyJTk8LJ5i4J/OCV4HEZFrp:QRw08yJIC5uuT

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers

    • Detects executables packed with SmartAssembly

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks