quasar | robloxlist[.]exe | Triage

Sharing

General

Target

robloxlist.exe
Size

348KB
MD5

cc0ce734de3f88924449b16df0c92911
SHA1

af48aa8c33b0d8f0757f9abe8938aa66dfa9a588
SHA256

da59a47ae6bde91de01f45a7c3ba4217bd91b4cb0087d58ed4e10eea50866e49
SHA512

c92a607b979a3013426ef181daced2792b451180d196078342dd64dcc6496cc98c824a67b60a7073f527ac905e12d62d61651b576e26a1921e60869c85bcd6b0
SSDEEP

6144:8uwb/c2L0t5kiOW9ubBcz7b3Ga66b2SO:7H2L5ly6czv3GalbJO

Score

10^/10

clint quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Clint

C2

192.168.178.29:4780

192.168.178.29:4782

Mutex

QSR_MUTEX_02VEKG7zCDubNpN0wF

Attributes

encryption_key
SPXni05TVd0oAIJtmwYk
install_name
robloxfisch.exe
log_directory
Log
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
robloxlist.exe

Files

robloxlist.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ