Overview

overview

10

Static

static

10

roarile.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    roarile.exe

  • Size

    3.1MB

  • Sample

    241209-xefn7askfl

  • MD5

    562bbec6f7effdc4c1b054833a331771

  • SHA1

    394610de86c61959c31530c8e1415b7575067525

  • SHA256

    cb760ff3655cc34bbd5c4f42264703e45d5381259f1bb6416c61feb8667a856d

  • SHA512

    7a924145233f23d22b5255db2bb0c3796ef349f84c17e568a7078fad358e8be80679864316d27450fff8b9149d3d9a8472555bd89d67a6dbc0d52c5797f9f564

  • SSDEEP

    49152:KvrI22SsaNYfdPBldt698dBcjHioe2ECsAk/6WUoGdExgTHHB72eh2NT:KvU22SsaNYfdPBldt6+dBcjHioe6F

Score
10/10
quasarroardiscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

roar

C2

roarwasd12312-34767.portmap.host:34767

Mutex

9102d6bd-6fb5-4536-a902-98f788c7e43a

Attributes
  • encryption_key

    C5904FDD788EA00F921C538B9FE80C0B0A0DE728

  • install_name

    roar.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    discord

  • subdirectory

    SubDir

Targets

    • Target

      roarile.exe

    • Size

      3.1MB

    • MD5

      562bbec6f7effdc4c1b054833a331771

    • SHA1

      394610de86c61959c31530c8e1415b7575067525

    • SHA256

      cb760ff3655cc34bbd5c4f42264703e45d5381259f1bb6416c61feb8667a856d

    • SHA512

      7a924145233f23d22b5255db2bb0c3796ef349f84c17e568a7078fad358e8be80679864316d27450fff8b9149d3d9a8472555bd89d67a6dbc0d52c5797f9f564

    • SSDEEP

      49152:KvrI22SsaNYfdPBldt698dBcjHioe2ECsAk/6WUoGdExgTHHB72eh2NT:KvU22SsaNYfdPBldt6+dBcjHioe6F

    Score
    10/10
    quasarroardiscoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks