General
Target: DOX !Aka team gnp.scr
Size: 1.5MB
Sample: 240821-ft3c3avemk
MD5: 8cb48770ef48c80f07c8a7a3ef1586ee
SHA1: 1d1083098c4841ff23e3b040fb209af9887feb59
SHA256: 8a9718d2658c908e0ced599e637ce1ab27cfc22e43829ae6bcf784a8591825eb
SHA512: befee76662064711a8ee60adf9aaaa3ccc3f4203db06974314d3d620d6e65e8789b5c2357bf75cfec5b65eb8258b07fc34887e4f8a632617b2927b2988a3365f
SSDEEP: 49152:zDjlabwz95bKxxiXIHLyoltXyYfyu7aOCwI:/qw/2xqIHL5tCl7OCwI
Static task: static1
Behavioral task: behavioral1
Sample: DOX !Aka team gnp.scr
Resource: win7-20240704-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.27:4782
52f67a9c-ccc2-4eec-a61c-1567fbfeab31
encryption_key: E57D88E5AA0EFBFC2E93ADCD1BD6BB2BCF4B3BAA
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: DOX !Aka team gnp.scr
Quasar payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE