quasar | aebe8489a53693d4466be30dfd930c2cbc79a21687b228a8f304815906de02d6 | Triage

Submit
Reports

Overview

overview

Static

static

3

RobloxCrasher.exe

windows7-x64

RobloxCrasher.exe

windows10-2004-x64

Sharing

General

Target

RobloxCrasher.exe
Size

3.2MB
Sample

241116-mdz2bstmh1
MD5

ebda07e93515d2a92cf0f34bee690b43
SHA1

56b44e24857999dc97a26b7b8d9044b1235fd167
SHA256

aebe8489a53693d4466be30dfd930c2cbc79a21687b228a8f304815906de02d6
SHA512

f3c01b7cae001b3630aa4959844724368e8f7244630a4867758d310c9b5f60a17b471ef84df356539ce5e4eb6d6ac9577b1e4a0c71e24826a8da0a84ff2ed54e
SSDEEP

98304:isdJl5i8RDSoqm7GvvZX7BnmrcdMWu2tVKsL:3Jl5jyGyVmrCMWjtMsL

Score

10^/10

quasar roblox defense_evasion spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RobloxCrasher.exe

Resource

win7-20240903-en

quasar roblox defense_evasion spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

RobloxCrasher.exe

Resource

win10v2004-20241007-en

quasar roblox defense_evasion spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Roblox

C2

bigchancepenis.bounceme.net:9000

Mutex

e293c679-127e-4679-9d5e-f004c0e21f2b

Attributes

encryption_key
693B804C4C15D633359B0059C08E017241D484D5
install_name
Roblox.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows34
subdirectory
SubDir

Targets

- Target
  
  RobloxCrasher.exe
- Size
  
  3.2MB
- MD5
  
  ebda07e93515d2a92cf0f34bee690b43
- SHA1
  
  56b44e24857999dc97a26b7b8d9044b1235fd167
- SHA256
  
  aebe8489a53693d4466be30dfd930c2cbc79a21687b228a8f304815906de02d6
- SHA512
  
  f3c01b7cae001b3630aa4959844724368e8f7244630a4867758d310c9b5f60a17b471ef84df356539ce5e4eb6d6ac9577b1e4a0c71e24826a8da0a84ff2ed54e
- SSDEEP
  
  98304:isdJl5i8RDSoqm7GvvZX7BnmrcdMWu2tVKsL:3Jl5jyGyVmrCMWjtMsL
Score

10^/10

quasar roblox defense_evasion spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarrobloxdefense_evasionspywaretrojan

behavioral2

quasarrobloxdefense_evasionspywaretrojan

© 2018-2025

Terms | Privacy