Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2004-11-0x0000000000400000-0x0000000000724000-memory.dmp
-
Size
3.1MB
-
MD5
2ba855bcfcd3c2b16f7136a4356691a7
-
SHA1
0baf09a3ee1a88a125a4187378d103979a940209
-
SHA256
23fa5042d93c294ddb743fc1696349e1f0f999e9dc1630a5cd16a12d5c87e4f9
-
SHA512
ad54c9a20d3954f76d3040a1811545cb85fae1cb24264df515e40c0aca62ba9170c1d1001b21ab97aa338ed48399bd2d1453337a3805e012e304274202011d25
-
SSDEEP
49152:vvkgo2QSaNpzyPllgamb0CZof/JDfP3kCjLLoG9DgTHHB72eh2NT:vvFo2QSaNpzyPllgamYCZof/JDfP1X
Malware Config
Extracted
quasar
1.4.1
CODE
twart.myfirewall.org:9792
rency.ydns.eu:5287
wqo9.firewall-gateway.de:8841
code1.ydns.eu:5287
wqo9.firewall-gateway.de:9792
025351e291-5d1041-4fa37-932c7-869aeiQec514992
-
encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
-
install_name
Exccelworkbook.exe
-
log_directory
Logs
-
reconnect_delay
6000
-
startup_key
pdfdocument
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2004-11-0x0000000000400000-0x0000000000724000-memory.dmp
Headers
Sections