Extracted

• • Target

    BloxScripts.exe

  • Size

    12.8MB

  • MD5

    1705aca93e5b467a60a3558345306428

  • SHA1

    7f6e72e63a22edd278c81e7a6b760856636259b7

  • SHA256

    aeefbc3356c7f36db8a4d7f12ef63c8d6ff4c8bed178ec31cf6cab49f8b03d50

  • SHA512

    11f1718d570aba665b8bba37a0133c3916d0a55213e70f3729bf2c51f84b70a73fa7ea77d659de546dd60995509ba35d9671099e7b30397c1f232c36ff91da97

  • SSDEEP

    393216:vfChwrd42aSS4PDzy1Nt/3ANKBu0MCfD14o:3Iwx4KDDz0a3dCf2o

  Score

  10^/10

  quasaroffice04spywaretrojandiscovery

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  behavioral1behavioral2