Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
534280e154dc967612dc97e9d4273b6f69436d374203ab0d6181608b6cb02362.exe
-
Size
3.1MB
-
MD5
f67e6aafbd9c86771f11c05ae83ae83e
-
SHA1
c9fe04c78139d000182d89f4dd013e647db64cc0
-
SHA256
534280e154dc967612dc97e9d4273b6f69436d374203ab0d6181608b6cb02362
-
SHA512
f5d5b09a92a3bc7ff862cf87c5a4285e2ada1ec4cb9d5b1467e358ad3678a2dfe6acd2f1819b7f9646f1ef5e038c9ffb295ef8a6590a75cdf911913a5edaf27a
-
SSDEEP
49152:avht62XlaSFNWPjljiFa2RoUYI+Y6a95fQrk/1LoGdpTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYI8aB
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
interestingsigma.hopto.org:20
Mutex
11bbf22e-826e-486b-b024-adbd86228a9e
Attributes
-
encryption_key
7A589EDBC6A581E125BF830EF0D05FC74BB75E30
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ctfmon
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
534280e154dc967612dc97e9d4273b6f69436d374203ab0d6181608b6cb02362.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections