General

  • Target

    poo virus grr.rar

  • Size

    1.0MB

  • Sample

    241215-dj1elstpdl

  • MD5

    188f727e3be9e5d89c86d843441386f8

  • SHA1

    d84ecac02426ab30a66de06c7ec72e52a0eaad6d

  • SHA256

    8b507e7ba319bcbf1a13540ec20ad4f31d667a6a1cc99e091fc2f74066123c78

  • SHA512

    332358be50280c6005b95fc5fc288ab767abb0162c6f0ddd19fab8e4c5dd22f46ea2f724cac63baaf53086b7d095d04527d55a10796275fc9ecedd0f117c1718

  • SSDEEP

    24576:2zGoqxxbY9XIPD7Ltr4ol2iu0kiOiIBIvWCcxdxq:2wxxiXIHLyolt/7DIGvsxd0

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

181.99.66.83:4782

Mutex

7b23506c-ff83-4362-93b4-b99c14429834

Attributes

  • encryption_key

    7A8E2417AD5EAA788488BDF81FE6CACB01258933

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      poo virus grr.rar

    • Size

      1.0MB

    • MD5

      188f727e3be9e5d89c86d843441386f8

    • SHA1

      d84ecac02426ab30a66de06c7ec72e52a0eaad6d

    • SHA256

      8b507e7ba319bcbf1a13540ec20ad4f31d667a6a1cc99e091fc2f74066123c78

    • SHA512

      332358be50280c6005b95fc5fc288ab767abb0162c6f0ddd19fab8e4c5dd22f46ea2f724cac63baaf53086b7d095d04527d55a10796275fc9ecedd0f117c1718

    • SSDEEP

      24576:2zGoqxxbY9XIPD7Ltr4ol2iu0kiOiIBIvWCcxdxq:2wxxiXIHLyolt/7DIGvsxd0

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Target

      poo virus grr/activate virus [logs ur device].exe

    • Size

      3.1MB

    • MD5

      7f604852d7713ce48e754d05cfdb9c2e

    • SHA1

      8caa2ea8644f0014d8949edf576b008de2fcde75

    • SHA256

      db706cddf84bb9d83cda2cc00e6832e26daa6592eef27fc37d39eccdc683e5d4

    • SHA512

      a36e50b1426e990c1130a309bf453657561b646b3160c1e3a3f4d46b02bf24706982f635be627521a909a61b8fa57f0fbcc108cb1c340a37f86725bc38454ef7

    • SSDEEP

      49152:DvyI22SsaNYfdPBldt698dBcjHDXUue8LzCoGhtTHHB72eh2NT:Dvf22SsaNYfdPBldt6+dBcjHDXUu0

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15
