Overview

overview

10

Static

static

1

RobloxPing...er.bat

windows7-x64

8

RobloxPing...er.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f4e3342d7148047d9b8a6e3a6626fc6a28e05fea788d2345c38ac7ccb7afb1f

  • Size

    10.7MB

  • Sample

    240521-17frfacb2w

  • MD5

    47b64de4515cb5fd15042f21d366000d

  • SHA1

    4f39c55dd1e5f78fcc62d9253a660c9189bef921

  • SHA256

    5f4e3342d7148047d9b8a6e3a6626fc6a28e05fea788d2345c38ac7ccb7afb1f

  • SHA512

    19c7b1a33c2ea08a8ab10ba32834ce174f9e2987f951e24fa0c202ed78edb547bfaf8c428f484b40c8fabf4d11eabe07cede7136c65c78d003e56fa739e2015c

  • SSDEEP

    196608:3stpCTmsmbOlv+STCtVW812O8KVsKjpoeW/RKMi7r6CPIBF7657ma/VOaJ:3+i+SGtb1CONpQ/Ipn60M8577/saJ

Score
10/10
quasarexecutionspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      RobloxPingOptimizer-Main-x64.NEW/RobloxPingOptimizer-Main-x64/Main/RobloxPingOptimizer.bat

    • Size

      15.6MB

    • MD5

      0e7fa38a2267f6c3c8b0afafda56ef99

    • SHA1

      e116a71ae311011f1fc2697e84575990b75d96b4

    • SHA256

      30800e9982e73ce9a2f315b05630225f57b6ae1d219902b8dcde6031d840a553

    • SHA512

      75f5108166ac7224f5797941f57ada798a1bb760850677618770fb4aa7c9dd3d9298013afde66a0eba303852c9dfb2277b8bda61243c161b35975f1030ed9e98

    • SSDEEP

      49152:Cdxc9riM4QO4C2ltO7iHK35ROUcdDvgVNfLH9QDn7OusKIV+cDBGVKKjU5ECeNNI:k

    Score
    10/10
    executionquasarspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks