General
Target: API_Connector.bat
Size: 586KB
Sample: 240610-scd1cszfph
MD5: 54b83bd573c13cd414255d487f47b770
SHA1: f35b29215c9039af7294b1e9db7977447f380cbe
SHA256: fae3ed9b66f0e1fc27bdd6605dd3fd0600ff4291971d850f61cd0696c4ed9926
SHA512: 8c607148b7e001d5ea9efb048cebf3fc78238f333cc09c368078f77b0d0fcf4ac22a5594bd7417515ee4ea73e7943fb1e47232e9caac6e3e74caa3313c89f6d9
SSDEEP: 12288:LiR+aj62WqH39ttfD1KhLZ6azySThfOwppoCQ/gcOhKrYFuuZUDGO0:mQt2WwxGJtvpOt/owriUDt0
Static task: static1

Malware Config
Extracted: quasar
version: 1.3.0.0
Slave
c2: runderscore00-61208.portmap.host:61208
mutex: QSR_MUTEX_cq1PvE2FSZsrtLytho
encryption_key: 5vXgZSbIpHJzAn3ZrosQ
install_name: $phantom-powershell.exe
log_directory: $phantom-Logs
reconnect_delay: 3000
startup_key: Powershell
subdirectory: $phantom-zero
Targets
Target: API_Connector.bat
Signatures:
- Quasar payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.