Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2004-11-0x...ry.exe

windows7-x64

2004-11-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2004-11-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • Sample

    250129-ktn8natjht

  • MD5

    2ba855bcfcd3c2b16f7136a4356691a7

  • SHA1

    0baf09a3ee1a88a125a4187378d103979a940209

  • SHA256

    23fa5042d93c294ddb743fc1696349e1f0f999e9dc1630a5cd16a12d5c87e4f9

  • SHA512

    ad54c9a20d3954f76d3040a1811545cb85fae1cb24264df515e40c0aca62ba9170c1d1001b21ab97aa338ed48399bd2d1453337a3805e012e304274202011d25

  • SSDEEP

    49152:vvkgo2QSaNpzyPllgamb0CZof/JDfP3kCjLLoG9DgTHHB72eh2NT:vvFo2QSaNpzyPllgamYCZof/JDfP1X

Score
10/10
quasarcode

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CODE

C2

twart.myfirewall.org:9792

rency.ydns.eu:5287

wqo9.firewall-gateway.de:8841

code1.ydns.eu:5287

wqo9.firewall-gateway.de:9792
Mutex

025351e291-5d1041-4fa37-932c7-869aeiQec514992

Attributes
  • encryption_key

    3145298725BA5E0DD56E87FFE3F8898EA81E6EDA

  • install_name

    Exccelworkbook.exe

  • log_directory

    Logs

  • reconnect_delay

    6000

  • startup_key

    pdfdocument

  • subdirectory

    SubDir

Targets

    • Target

      2004-11-0x0000000000400000-0x0000000000724000-memory.dmp

    • Size

      3.1MB

    • MD5

      2ba855bcfcd3c2b16f7136a4356691a7

    • SHA1

      0baf09a3ee1a88a125a4187378d103979a940209

    • SHA256

      23fa5042d93c294ddb743fc1696349e1f0f999e9dc1630a5cd16a12d5c87e4f9

    • SHA512

      ad54c9a20d3954f76d3040a1811545cb85fae1cb24264df515e40c0aca62ba9170c1d1001b21ab97aa338ed48399bd2d1453337a3805e012e304274202011d25

    • SSDEEP

      49152:vvkgo2QSaNpzyPllgamb0CZof/JDfP3kCjLLoG9DgTHHB72eh2NT:vvFo2QSaNpzyPllgamYCZof/JDfP1X

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks