Resubmissions

18/01/2025, 21:07

250118-zyrlxavjfz 10

18/01/2025, 20:55

250118-zqe8xatqb1 10

General

  • Target

    RC7old.exe

  • Size

    3.1MB

  • MD5

    5efb08d03470612d11124136accc84fa

  • SHA1

    46abe602f6566ff6103f504ef8ae73f43eae19c1

  • SHA256

    853cf003dd01ec972a222a28b1e8b260fb06fab20245e609cb7df103d110343f

  • SHA512

    13a1fbeae357662e2e2a60e511a3bce2f63fef40a96ba49f25e745dd466ca3da24de5155f0f2233e8d15941f353a21df14247ab7b4ebf84ee419ca7d7b7ae74a

  • SSDEEP

    49152:CvHI22SsaNYfdPBldt698dBcjHuYREEf/yk/65LoGdvYAFTHHB72eh2NT:Cvo22SsaNYfdPBldt6+dBcjHuYRkp

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

RC7old

C2

yellow-parts.gl.at.ply.gg:52085

Mutex

8356bffd-2b62-44f9-937c-4adee31d9ea3

Attributes
  • encryption_key

    5471C1CD3CF5D10BA14E0A632D9E07BC5FEE0E2B

  • install_name

    RC7old.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System

  • subdirectory

    System

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • RC7old.exe
    .exe windows:4 windows x86 arch:x86

    Password: super

    f34d5f2d4577ed6d9ceec516c1f5a744
