quasar | ROBLOX-BRUTEFORCER[.]zip

General

Target

ROBLOX-BRUTEFORCER.zip
Size

1.2MB
MD5

7d982f8ff3d5d9204bff6e1c06fb43ba
SHA1

1fe67946a987b42656d2539b3e0713f8af9d104c
SHA256

1746918b750ab5830795a6b7f3b60c60958386cde1c604b069166bff7f5e24c4
SHA512

a939b0760b8151446930140bc0ad041dbe207834014a1a299fe7368f08a99bd642307470d1e2953e142826658b6575e6bd74a430ac86f1898c824ae46b901e18
SSDEEP

24576:6ZW/rbUQrtD/Wr2+eT4VvTePAphOBE3uySZLQSBf3bnEaxANz9w+wyVKA:063UStDebTeYpKSfMvV5+wyVKA

Score

10^/10

rando #1 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

rando #1

C2

Gavin:4782

Mutex

6af5f867-8c22-4c1b-9e55-26206f157386

Attributes

encryption_key
196CC5EA294AEC40979442F82371DD57AADC275C
install_name
Roblox-Bruteforcer.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/ROBLOX-BRUTEFORCER/roblox-bruteforcer.exe	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ROBLOX-BRUTEFORCER/roblox-bruteforcer.exe

Files

ROBLOX-BRUTEFORCER.zip
.zip

Password: lala
ROBLOX-BRUTEFORCER/READ-ME.txt
ROBLOX-BRUTEFORCER/roblox-bruteforcer.exe
.exe windows x86

Password: lala

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: lala

Password: lala

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B