General

  • Target

    932cb7b1080180487be4b5754bd92600409bafda80d412018a792a8930c6a46c

  • Size

    3.1MB

  • MD5

    7ae9e9867e301a3fdd47d217b335d30f

  • SHA1

    d8c62d8d73aeee1cbc714245f7a9a39fcfb80760

  • SHA256

    932cb7b1080180487be4b5754bd92600409bafda80d412018a792a8930c6a46c

  • SHA512

    063648705e1817a1df82c9a595e4bbe8e0b1dbb7e31a6517df59905ebe7f22160f4acb55349d03dfe70744a14fd53c59a4c657c7a96646fcccf1c2214fc803dd

  • SSDEEP

    49152:/vTlL26AaNeWgPhlmVqvMQ7XSKn8GE18hk/gv4oGdQTHHB72eh2NT:/vJL26AaNeWgPhlmVqkQ7XSKn8mA

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

RuntimeBroker

C2

Cmaster-57540.portmap.io:57540:8080

Mutex

7d0b5d0f-c185-4da8-b709-726d2f58400c

Attributes
  • encryption_key

    6275D618DF6119CEEF062AB381785B6186B8C0EB

  • install_name

    RuntimeBroker.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    RuntimeBroker

  • subdirectory

    devtun

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 932cb7b1080180487be4b5754bd92600409bafda80d412018a792a8930c6a46c
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

