General

  • Target

    db73c1d6a608da427db152e5a9f293dc_JaffaCakes118

  • Size

    507KB

  • Sample

    240911-3zycmazhla

  • MD5

    db73c1d6a608da427db152e5a9f293dc

  • SHA1

    983bd31b65f6de221ffcf99eb7cd854af975758b

  • SHA256

    44826422830a9dbdb47a8ae7b65e05dfda9c3ae44c20e9080e4b3b4a1f6ac445

  • SHA512

    a20e76805c47b29361a133cd06511186ceee57b48378a35f4791cda2651779ee2d91fa49e8ede6076da399b9f6239fa832337ddb1aebe75361d9aea581e3ea6d

  • SSDEEP

    12288:wlxpL3PJ2qP7r9r/+ppppppppppppppppppppppppppppp0Gm:Yxp1X1qm

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
