Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543.exe
-
Size
288KB
-
Sample
250104-clz17axrgk
-
MD5
cc5e91e1a0c3ca5edf2bdba7fa252827
-
SHA1
004ba0788113ebb3bce8eaf63fa53c70caa91079
-
SHA256
30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543
-
SHA512
14ee287465bc50dc16ad042d35a14f9e676f645dabf4c4dfbd8f225845e45ab73fee6c3d7967fe44a21994ddbd5b76d0cbd01ec0a2784f913587313c4a407249
-
SSDEEP
6144:E7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbkln:6lJtTF9zVGkllbk5
Malware Config
Extracted
quasar
1.4.0.0
Office
85.192.29.60:5173
QAPB6w0UbYXMvQdKRF
-
encryption_key
pxC3g4rfVijQxK1hMGwM
-
install_name
csrss.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
NET framework
-
subdirectory
SubDir
Targets
-
-
Target
30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543.exe
-
Size
288KB
-
MD5
cc5e91e1a0c3ca5edf2bdba7fa252827
-
SHA1
004ba0788113ebb3bce8eaf63fa53c70caa91079
-
SHA256
30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543
-
SHA512
14ee287465bc50dc16ad042d35a14f9e676f645dabf4c4dfbd8f225845e45ab73fee6c3d7967fe44a21994ddbd5b76d0cbd01ec0a2784f913587313c4a407249
-
SSDEEP
6144:E7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbkln:6lJtTF9zVGkllbk5
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-