General

  • Target

    DOX !Aka team ‮gnp.scr

  • Size

    1.5MB

  • Sample

    240821-ft3c3avemk

  • MD5

    8cb48770ef48c80f07c8a7a3ef1586ee

  • SHA1

    1d1083098c4841ff23e3b040fb209af9887feb59

  • SHA256

    8a9718d2658c908e0ced599e637ce1ab27cfc22e43829ae6bcf784a8591825eb

  • SHA512

    befee76662064711a8ee60adf9aaaa3ccc3f4203db06974314d3d620d6e65e8789b5c2357bf75cfec5b65eb8258b07fc34887e4f8a632617b2927b2988a3365f

  • SSDEEP

    49152:zDjlabwz95bKxxiXIHLyoltXyYfyu7aOCwI:/qw/2xqIHL5tCl7OCwI

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.27:4782

Mutex

52f67a9c-ccc2-4eec-a61c-1567fbfeab31

Attributes

  • encryption_key

    E57D88E5AA0EFBFC2E93ADCD1BD6BB2BCF4B3BAA

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE
