Overview

overview

10

Static

static

1

RobloxPing...EW.zip

windows7-x64

1

RobloxPing...EW.zip

windows10-2004-x64

1

RobloxPing...ME.txt

windows7-x64

1

RobloxPing...ME.txt

windows10-2004-x64

1

RobloxPing...er.bat

windows7-x64

8

RobloxPing...er.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RobloxPingOptimizer-Main-x64-NEW.zip

  • Size

    10.7MB

  • Sample

    240521-1317ksca42

  • MD5

    47b64de4515cb5fd15042f21d366000d

  • SHA1

    4f39c55dd1e5f78fcc62d9253a660c9189bef921

  • SHA256

    5f4e3342d7148047d9b8a6e3a6626fc6a28e05fea788d2345c38ac7ccb7afb1f

  • SHA512

    19c7b1a33c2ea08a8ab10ba32834ce174f9e2987f951e24fa0c202ed78edb547bfaf8c428f484b40c8fabf4d11eabe07cede7136c65c78d003e56fa739e2015c

  • SSDEEP

    196608:3stpCTmsmbOlv+STCtVW812O8KVsKjpoeW/RKMi7r6CPIBF7657ma/VOaJ:3+i+SGtb1CONpQ/Ipn60M8577/saJ

Score
10/10
quasarexecutionspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      RobloxPingOptimizer-Main-x64-NEW.zip

    • Size

      10.7MB

    • MD5

      47b64de4515cb5fd15042f21d366000d

    • SHA1

      4f39c55dd1e5f78fcc62d9253a660c9189bef921

    • SHA256

      5f4e3342d7148047d9b8a6e3a6626fc6a28e05fea788d2345c38ac7ccb7afb1f

    • SHA512

      19c7b1a33c2ea08a8ab10ba32834ce174f9e2987f951e24fa0c202ed78edb547bfaf8c428f484b40c8fabf4d11eabe07cede7136c65c78d003e56fa739e2015c

    • SSDEEP

      196608:3stpCTmsmbOlv+STCtVW812O8KVsKjpoeW/RKMi7r6CPIBF7657ma/VOaJ:3+i+SGtb1CONpQ/Ipn60M8577/saJ

    Score
    1/10
    behavioral1behavioral2

    • Target

      RobloxPingOptimizer-Main-x64.NEW/RobloxPingOptimizer-Main-x64/Main/README.txt

    • Size

      118B

    • MD5

      8d47a024ff0842ca55a5cad3a82633a7

    • SHA1

      b04796de3c78fc3ee10492049e6fc8fc0c810892

    • SHA256

      0abe451c981cb71bed7b8baab58927199a645de43eb0d3f034c5e222b508bcf6

    • SHA512

      b9d6f59698779765afe0dfcbe00ef4fa8641173f5c84e6735c548f573545e88720115853aaa8842596bd9a718264250283822c64c9cc4f9b49fc527963c0650e

    Score
    1/10
    behavioral3behavioral4

    • Target

      RobloxPingOptimizer-Main-x64.NEW/RobloxPingOptimizer-Main-x64/Main/RobloxPingOptimizer.bat

    • Size

      15.6MB

    • MD5

      0e7fa38a2267f6c3c8b0afafda56ef99

    • SHA1

      e116a71ae311011f1fc2697e84575990b75d96b4

    • SHA256

      30800e9982e73ce9a2f315b05630225f57b6ae1d219902b8dcde6031d840a553

    • SHA512

      75f5108166ac7224f5797941f57ada798a1bb760850677618770fb4aa7c9dd3d9298013afde66a0eba303852c9dfb2277b8bda61243c161b35975f1030ed9e98

    • SSDEEP

      49152:Cdxc9riM4QO4C2ltO7iHK35ROUcdDvgVNfLH9QDn7OusKIV+cDBGVKKjU5ECeNNI:k

    Score
    10/10
    executionquasarspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks