quasar | 99db4a991bf7ea42e196b4c3f7374e132c07a7f46cf5ae2917559f5e36ee8cc6 | Triage

Submit
Reports

Overview

overview

Static

static

1

a.html

windows11-21h2-x64

Sharing

General

Target

a
Size

1KB
Sample

250104-z21c8axnfx
MD5

177aba1e5662a7962dd89c81d9544308
SHA1

685f8e7bf4b0849ea0546d1616bd351a47e3b31a
SHA256

99db4a991bf7ea42e196b4c3f7374e132c07a7f46cf5ae2917559f5e36ee8cc6
SHA512

35b9a0e8ec9570f844e959fdbd802b2c370006514fd245a25951b865b8627a41963d608242cdce6e20edd633f7b1982e16bf508c7f4b61a481f1a98162b5a2ac

Score

10^/10

quasar roblox executor defense_evasion discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

a.html

Resource

win11-20241023-en

quasar roblox executor defense_evasion discovery spyware trojan

windows11-21h2-x64

27 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ROBLOX EXECUTOR

C2

192.168.50.1:4782

10.0.0.113:4782

LETSQOOO-62766.portmap.host:62766

89.10.178.51:4782

Mutex

90faf922-159d-4166-b661-4ba16af8650e

Attributes

encryption_key
FFEE70B90F5EBED6085600C989F1D6D56E2DEC26
install_name
windows 3543.exe
log_directory
roblox executor
reconnect_delay
3000
startup_key
windows background updater
subdirectory
windows updater

Targets

- Target
  
  a
- Size
  
  1KB
- MD5
  
  177aba1e5662a7962dd89c81d9544308
- SHA1
  
  685f8e7bf4b0849ea0546d1616bd351a47e3b31a
- SHA256
  
  99db4a991bf7ea42e196b4c3f7374e132c07a7f46cf5ae2917559f5e36ee8cc6
- SHA512
  
  35b9a0e8ec9570f844e959fdbd802b2c370006514fd245a25951b865b8627a41963d608242cdce6e20edd633f7b1982e16bf508c7f4b61a481f1a98162b5a2ac
Score

10^/10

quasar roblox executor defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarroblox executordefense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy