General

  • Target

    Client-built.exe

  • Size

    502KB

  • Sample

    241114-3yq7xsvhne

  • MD5

    9df20812514dfcb87a556a5ef71d72bc

  • SHA1

    798340d0ab815844690c29db3e791537690b752a

  • SHA256

    e352a653ea9ba91b1d3d6c3c71695c27b4c0fa0ab90ed1c23cbbd2a22b9efece

  • SHA512

    784f850c7abfb9d8d128cfdd906f7d1856898b6ffb58d9a6e86bd1ea629f2574f683f3cd60d0defdd8eea244705f81248f55d27827271f34a26e77250be64398

  • SSDEEP

    12288:RTEgdfYnxUjmOad344ywgmpaO+gQvcdS:SUwMAd/ywgmpaO+gQvcdS

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.0

  • Botnet

    Office04

  • C2

    192.168.56.1:4782

  • Mutex

    0623266f-d360-4056-9f63-ed81b7a11fdf

Attributes
  • encryption_key

    CAC47E124130EBD3A11EBA5B8DAA79439482A0B5

  • install_name

    Broker.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Broker

  • subdirectory

    Broker

Targets

    • Target

      Client-built.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
