quasar | 2a6b183aca1fbf8d81610b3a5626b5d0859f66239d249264f72815ddb3cb2d9b | Triage

Submit
Reports

Overview

overview

Static

static

3

RobloxPlayerBeta.exe

windows7-x64

8

RobloxPlayerBeta.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

RobloxPlayerBeta.exe
Size

67.5MB
Sample

240508-233wvaeh57
MD5

69b21d52c8b81b10eafc8dbb6fe33b55
SHA1

5662285cfe875eb6d009343298818b0cf11a4df2
SHA256

2a6b183aca1fbf8d81610b3a5626b5d0859f66239d249264f72815ddb3cb2d9b
SHA512

ef2df91c0e12823125380b1555a0f2d6079101a5e1b88c475d320876e72ce539f66557195a745aeeb819c815a9869ab6e8c6b5bbfdf1b6e43763cc4fa168f941
SSDEEP

1572864:9wix2iSIjf6L706qvF9sxCuMN/wlr8QUP6+SHT3TVdTO7iGM:+ix/fn6qzECuMNIrrUP6RHThTF

Score

10^/10

quasar execution spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RobloxPlayerBeta.exe

Resource

win7-20240508-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

RobloxPlayerBeta.exe

Resource

win10v2004-20240426-en

quasar execution spyware trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

encryption_key
EF9372549A11A39AED3EDC452EDE0AACC2B89E77
log_directory
x
reconnect_delay
3000

Targets

- Target
  
  RobloxPlayerBeta.exe
- Size
  
  67.5MB
- MD5
  
  69b21d52c8b81b10eafc8dbb6fe33b55
- SHA1
  
  5662285cfe875eb6d009343298818b0cf11a4df2
- SHA256
  
  2a6b183aca1fbf8d81610b3a5626b5d0859f66239d249264f72815ddb3cb2d9b
- SHA512
  
  ef2df91c0e12823125380b1555a0f2d6079101a5e1b88c475d320876e72ce539f66557195a745aeeb819c815a9869ab6e8c6b5bbfdf1b6e43763cc4fa168f941
- SSDEEP
  
  1572864:9wix2iSIjf6L706qvF9sxCuMN/wlr8QUP6+SHT3TVdTO7iGM:+ix/fn6qzECuMNIrrUP6RHThTF
Score

10^/10

execution quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarexecutionspywaretrojan

© 2018-2025

Terms | Privacy