Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Zula Spacex Hack.exe
-
Size
2.2MB
-
Sample
241210-rvgnjaxpdz
-
MD5
7785c52b863e9dae3fac08e3b130bb32
-
SHA1
d812fe11ca73f802e5dbfa3422c17d88bf59066d
-
SHA256
0f19f7f52cd3153147f72eadde474b26ad507715727d9a905a0817e4127fd334
-
SHA512
805aa770dce5b6fe0743d8de53c8b597eed372115f4b93077e5e22d5269f3b3425c01206d17c98f4ad7dae8aa3e001511c2e2bb598628700b804653965b7bc8a
-
SSDEEP
49152:+/y6Dko0SrLauBl8GGftU2wDRxOUiH6wPsJ1EtA9guyZ:+qW0UBMQxER2iA9guyZ
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Extracted
quasar
1.4.1
zulaspcx
yeniceri99-24578.portmap.io:24578
938aa95f-e3d4-483d-9217-ffafea133927
-
encryption_key
3BBA711AB673CCE3CC23338F52513D2C4D42AFEF
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Update
-
subdirectory
Windows
Targets
-
-
Target
Zula Spacex Hack.exe
-
Size
2.2MB
-
MD5
7785c52b863e9dae3fac08e3b130bb32
-
SHA1
d812fe11ca73f802e5dbfa3422c17d88bf59066d
-
SHA256
0f19f7f52cd3153147f72eadde474b26ad507715727d9a905a0817e4127fd334
-
SHA512
805aa770dce5b6fe0743d8de53c8b597eed372115f4b93077e5e22d5269f3b3425c01206d17c98f4ad7dae8aa3e001511c2e2bb598628700b804653965b7bc8a
-
SSDEEP
49152:+/y6Dko0SrLauBl8GGftU2wDRxOUiH6wPsJ1EtA9guyZ:+qW0UBMQxER2iA9guyZ
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-