General
Target: RobloxPingOptimizer.bat
Size: 273KB
Sample: 240602-z3mthsgd33
MD5: 0d3e0553b13ae24b0e765dc71b71d157
SHA1: 2e7ea67463d79b9047aa843210667ac11da4650d
SHA256: 3d532f4155981fbaf60ddbaf14851a4b12d1066cbd182144ad0bdcd0b0f379a6
SHA512: 43b0250496746f8c161d3009f0842d2758eb80196ce7bc5e4f05a1ac552ae86ebece4fcb42a6b4f52be7981e01782817c56d12017d70c77e34327f63433a5da0
SSDEEP: 6144:ymjeUWzu9cgBXKz1IQDKHkaIFH4zfWHF0QR1rh3Og2q4E:yseUWq9cgBazioKkaIEfOFtR1rh3Z2S
Static task: static1
Behavioral task: behavioral1
Sample: RobloxPingOptimizer.bat
Resource: win7-20240221-en
Malware Config
Extracted
quasar
reconnect_delay: 3000
Targets
Target: RobloxPingOptimizer.bat
- Quasar payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.