Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    nigger.exe

  • Size

    3.1MB

  • Sample

    240709-bzdvfasbjb

  • MD5

    4999b135603f44230d18f73c4308bffe

  • SHA1

    691754c54a1aa05a09ed28512d1b0abf6968ac15

  • SHA256

    d68f05e53c7442acc2a4f45dcada6edcc6a2ae5538ae504181176e9eed419e71

  • SHA512

    e3a5362cdea95b0a0d5bb1b5b59d9d01948228d2a4ba216281ae2854523a6c11600251dbde18123e7c017f6d7712060ab089bdcc0f0b91db65ba8cf226c6fb06

  • SSDEEP

    49152:DvXG42pda6D+/PjlLOlg6yQipVBXac5L3Ak/d8oGd2LdTHHB72eh2NT:Dv242pda6D+/PjlLOlZyQipVhaV

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

massdm

C2

192.168.1.156:4782

r-minolta.gl.at.ply.gg:63431

Mutex

7a0df206-428b-4b7b-939a-21fd6eb0a342

Attributes
  • encryption_key

    EB77EF1E2C1E9FC0CC580EBFBB1E68F8B012F37E

  • install_name

    massdm.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    SubDir

Targets

    • Target

      nigger.exe

    • Size

      3.1MB

    • MD5

      4999b135603f44230d18f73c4308bffe

    • SHA1

      691754c54a1aa05a09ed28512d1b0abf6968ac15

    • SHA256

      d68f05e53c7442acc2a4f45dcada6edcc6a2ae5538ae504181176e9eed419e71

    • SHA512

      e3a5362cdea95b0a0d5bb1b5b59d9d01948228d2a4ba216281ae2854523a6c11600251dbde18123e7c017f6d7712060ab089bdcc0f0b91db65ba8cf226c6fb06

    • SSDEEP

      49152:DvXG42pda6D+/PjlLOlg6yQipVBXac5L3Ak/d8oGd2LdTHHB72eh2NT:Dv242pda6D+/PjlLOlZyQipVhaV

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks