General

  • Target

    Roblox-UWP-Executor-main.zip

  • Size

    1.3MB

  • MD5

    f578eedc601e1a1c0610a662fd4e0204

  • SHA1

    000447e1efbaccfe46adaf3db8c1b4248b1f05c7

  • SHA256

    8ca13a2a0324e267849401c770ff7d759d4a52c91954476bbd0f5fb9f596cc23

  • SHA512

    cc221f22796edefeaada61678b10d4155bf06ef4cc00374f717c0a69f48b5951d6d0ce37ea5acb7501dd90aa4a57496de7a86b9505da8e95b4f318d1b2178929

  • SSDEEP

    24576:K9OFp4O2WkR1K4KuD3QLhi49i/EhwE4WH44kw:K9OqWruEli4wd0Yw

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

smirkdns.ddns.net:4782

Mutex

45259779-0dcb-4afe-a014-ae49cf73286e

Attributes
  • encryption_key

    38F8A837013773F52CA41CD4456A32A9B17A9557

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    AustiBlox

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • Roblox-UWP-Executor-main.zip
    .zip
  • Roblox-UWP-Executor-main/Execution.dll
    .dll windows:6 windows x86 arch:x86

    1e0a2f651d87e423ffab4bddbb3945d7

  • Roblox-UWP-Executor-main/README.md
  • Roblox-UWP-Executor-main/XYZ.dll
    .dll windows:4 windows x86 arch:x86

    df5ee731556844566bd09eb9e0c19cfb

  • Roblox-UWP-Executor-main/XYZ.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744