Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
864bec690da391f258de447606ac18baa79672b665ba321a4da67ed59d567cad.exe
-
Size
3.1MB
-
MD5
7f888b6cbd5062a7558eea61eb9a9ca2
-
SHA1
2acfb5c3e7b8e569ea52397154b9b3ffb44e7d87
-
SHA256
864bec690da391f258de447606ac18baa79672b665ba321a4da67ed59d567cad
-
SHA512
7da70e844e0fce4b4bbc70db89503b95b6514cabf9ce9cf66fed643f6c11aafc5e7a8f385b5d16f7fa802cc47c9200bf486030834551d14c55078307ef7e93d8
-
SSDEEP
49152:/v2lL26AaNeWgPhlmVqvMQ7XSKKQSYmzwXoGdVTHHB72eh2NT:/v2L26AaNeWgPhlmVqkQ7XSKKQSq
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
llordiWasHere-55715.portmap.host:55715
Mutex
124c5996-13c0-46a2-804a-191042a109db
Attributes
-
encryption_key
5F48258CBD7D9014A9443146E8A3D837D1715CAE
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
864bec690da391f258de447606ac18baa79672b665ba321a4da67ed59d567cad.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections