Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Client-built.exe
-
Size
502KB
-
Sample
241114-3yq7xsvhne
-
MD5
9df20812514dfcb87a556a5ef71d72bc
-
SHA1
798340d0ab815844690c29db3e791537690b752a
-
SHA256
e352a653ea9ba91b1d3d6c3c71695c27b4c0fa0ab90ed1c23cbbd2a22b9efece
-
SHA512
784f850c7abfb9d8d128cfdd906f7d1856898b6ffb58d9a6e86bd1ea629f2574f683f3cd60d0defdd8eea244705f81248f55d27827271f34a26e77250be64398
-
SSDEEP
12288:RTEgdfYnxUjmOad344ywgmpaO+gQvcdS:SUwMAd/ywgmpaO+gQvcdS
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20241023-en
Malware Config
Extracted
quasar
1.4.0
Office04
192.168.56.1:4782
0623266f-d360-4056-9f63-ed81b7a11fdf
-
encryption_key
CAC47E124130EBD3A11EBA5B8DAA79439482A0B5
-
install_name
Broker.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Broker
-
subdirectory
Broker
Targets
-
-
Target
Client-built.exe
-
Size
502KB
-
MD5
9df20812514dfcb87a556a5ef71d72bc
-
SHA1
798340d0ab815844690c29db3e791537690b752a
-
SHA256
e352a653ea9ba91b1d3d6c3c71695c27b4c0fa0ab90ed1c23cbbd2a22b9efece
-
SHA512
784f850c7abfb9d8d128cfdd906f7d1856898b6ffb58d9a6e86bd1ea629f2574f683f3cd60d0defdd8eea244705f81248f55d27827271f34a26e77250be64398
-
SSDEEP
12288:RTEgdfYnxUjmOad344ywgmpaO+gQvcdS:SUwMAd/ywgmpaO+gQvcdS
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-