General
-
Target
Resolute 16x.mcpack
-
Size
7.6MB
-
Sample
250106-zcfyaayqbp
-
MD5
b9e57b369a3b919d3d2513db78dd29fe
-
SHA1
a60a15aeae76b01d9b026650ebdb02bd05cb3412
-
SHA256
c6004a404cddb4408610b0394b3c133ad1c1bfe5eee08aa5f2836969230612db
-
SHA512
3e19eb776d11dc4d08c606a28733cd7118f464f01ff08ae1612d08aababb6e18087d0351004012cd34c2ec24c5a91b834d9623a880d32d3efc7999810479840b
-
SSDEEP
196608:zCPskbMDiJmVU0qsmIuAfdJ8ZHnp3/XFOfOgtk6O:zCbki/0qEFetnp3/XF4OZ
Malware Config
Extracted
quasar
1.4.1
ROBLOX EXECUTOR
192.168.50.1:4782
10.0.0.113:4782
LETSQOOO-62766.portmap.host:62766
89.10.178.51:4782
90faf922-159d-4166-b661-4ba16af8650e
-
encryption_key
FFEE70B90F5EBED6085600C989F1D6D56E2DEC26
-
install_name
windows 3543.exe
-
log_directory
roblox executor
-
reconnect_delay
3000
-
startup_key
windows background updater
-
subdirectory
windows updater
Targets
-
-
Target
Resolute 16x/credit.txt
-
Size
178B
-
MD5
b97b62904acbb476bf5da0a3513c6afa
-
SHA1
0038788a167a1c47f0de7165a13af7516ab7c6ae
-
SHA256
367f8ba93f591e751e70e402220bb574fae82d0c61248fb18a82b0b095be851c
-
SHA512
1762475a1c12d773773dda7718528a890e67b321b70a111debf5bc7303f43fac8107f3f9423b4cf70edf7cf1c806d5a2f6c87adb67ea2666b4e3c030bb96260d
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: [email protected]
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
4Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1