General

  • Target

    synapse-v2-launcher-12-5-22.zip

  • Size

    80.3MB

  • Sample

    230423-trvgbsgb2t

  • MD5

    9e0aeab6cb22ef80c202fab5181b8a2d

  • SHA1

    6177bc2b7e233a04153dcdfef59276f88100ce30

  • SHA256

    4a0f85cd7c39f90298bd752547765b58f7823cadd424c9f3ae54235bb894af35

  • SHA512

    a622aabb0b8e9192df0c5bb57a3ccb80a87ef33d8bd23ff97481f1055c9d5bc2bfca11c394dcae46d0c44ff0bb5a0ecbb3203fda608f0623455f1608c233685c

  • SSDEEP

    1572864:3DWCwerG4hPvcfaaW1NnHdnpgHUjEWOceVE0SOBSOddN:3D3weyIAaJnHdnp4UgWFeVE0SOBSOdX

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Client Server Runtime Process

  • C2

    botnetps.ddns.net:7788

  • Mutex

    73a7a3ae-9e7f-4634-9425-80eaaded0637

Attributes

  • encryption_key

    86012C170FF838996242C2B7E10C4FB0D28A8729

  • install_name

    RobloxStudioLauncherBeta.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    Roblox

Targets

    • Target

      synapse-v2-launcher-12-5-22/Synapse Launcher.exe

    • Size

      3.2MB

    • MD5

      5097864cd52044cbdfa58a285584a78e

    • SHA1

      605bc1cd0a166ddff86216ac884cd3cb7b1ae007

    • SHA256

      6529401bd18baaa7666ac93568a0f729eb5ac129ad7df7156fc48f3e1d697609

    • SHA512

      1da88117994322e65f38bf02d4955513d882d7ff2d9c1cdb776eb95689a4ecb412af25f155fc0bf5704751dd2d29b4a2c441529d0d8543d1c48716f29bb4641b

    • SSDEEP

      49152:4vjlL26AaNeWgPhlmVqvMQ7XSKIgRJ6YbR3LoGdcuTHHB72eh2NT6:4vZL26AaNeWgPhlmVqkQ7XSKIgRJ6yv

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks