General
Target: RoAim.exe
Size: 3.1MB
Sample: 240706-phb66sybjp
MD5: 7b25339a424437e26ee5adddb0df81db
SHA1: 7ce44cc6eafba23227829a3ca82726a90dddc6c4
SHA256: c115a07b5f78fb5145f60a84f12811011656d2b7f59c53a9160b3baddbb3431a
SHA512: b0b5e9ff5025559679bb5dba5e58723a5e1777e685975e78b81bdaaa8f32f9c312ca3cb0d2e58d8bd1d94da5a37302875420dc9ce076f917960f55c8b919a350
SSDEEP: 49152:rvDI22SsaNYfdPBldt698dBcjHOv/IE2HTk/uV6oGdrETHHB72eh2NT:rv822SsaNYfdPBldt6+dBcjHOv/Ug7
Behavioral task
behavioral1
Sample: RoAim.exe
Resource: win7-20240705-en
Malware Config
Extracted
quasar
1.4.1
RoAim
fdfsfsdfsfdfdsfs-59990.portmap.host::59990
b3e3311a-deb4-40a6-b987-3b04c18fdac4
encryption_key: A0B08700DFA1C99CF0B737B2BEF8DABC798B5F02
install_name: Java.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Java
subdirectory: Java
Targets
Target: RoAim.exe
- Quasar payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory