Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
241228-v55d5azrbp
-
MD5
73a3341a9194801bc9024e6b8f963258
-
SHA1
7c10750556e5eba8e9872432561f76d010d519f3
-
SHA256
5fb2ada2fd81c7b0ed6e517e92900c6336323bc9f1b7fb19989e9a4e44ef0213
-
SHA512
629756335bcb53b1fde013c4c090f580b622bafe6d340bba0b9d1d53c3acc0719dbae025fb389ccad1bc298835a76077607f34a3ededa6e701d3dacabac375f7
-
SSDEEP
49152:Cv5G42pda6D+/PjlLOlg6yQipVil6bn1JqLoGdbTHHB72eh2NT:Cvo42pda6D+/PjlLOlZyQipVLbM
Malware Config
Extracted
quasar
1.4.1
Office04
auto-london.gl.at.ply.gg:51655
facilities-desktop.gl.at.ply.gg:5987
1ae47733-5e8b-44b5-b988-3cb4dd5ded05
-
encryption_key
3C8DD6CA308BD63A3F09A62959EA7F529CD3E4F7
-
install_name
bob123.exe
-
log_directory
Logs
-
reconnect_delay
0
-
startup_key
SytemUpd
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
73a3341a9194801bc9024e6b8f963258
-
SHA1
7c10750556e5eba8e9872432561f76d010d519f3
-
SHA256
5fb2ada2fd81c7b0ed6e517e92900c6336323bc9f1b7fb19989e9a4e44ef0213
-
SHA512
629756335bcb53b1fde013c4c090f580b622bafe6d340bba0b9d1d53c3acc0719dbae025fb389ccad1bc298835a76077607f34a3ededa6e701d3dacabac375f7
-
SSDEEP
49152:Cv5G42pda6D+/PjlLOlg6yQipVil6bn1JqLoGdbTHHB72eh2NT:Cvo42pda6D+/PjlLOlZyQipVLbM
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-