quasar | c115a07b5f78fb5145f60a84f12811011656d2b7f59c53a9160b3baddbb3431a | Triage

Submit
Reports

Overview

overview

Static

static

RoAim.exe

windows7-x64

RoAim.exe

windows10-2004-x64

Sharing

General

Target

RoAim.exe
Size

3.1MB
Sample

240706-phb66sybjp
MD5

7b25339a424437e26ee5adddb0df81db
SHA1

7ce44cc6eafba23227829a3ca82726a90dddc6c4
SHA256

c115a07b5f78fb5145f60a84f12811011656d2b7f59c53a9160b3baddbb3431a
SHA512

b0b5e9ff5025559679bb5dba5e58723a5e1777e685975e78b81bdaaa8f32f9c312ca3cb0d2e58d8bd1d94da5a37302875420dc9ce076f917960f55c8b919a350
SSDEEP

49152:rvDI22SsaNYfdPBldt698dBcjHOv/IE2HTk/uV6oGdrETHHB72eh2NT:rv822SsaNYfdPBldt6+dBcjHOv/Ug7

Score

10^/10

quasar roaim spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

RoAim.exe

Resource

win7-20240705-en

quasar roaim spyware trojan

windows7-x64

13 signatures

600 seconds

Behavioral task

behavioral2

Sample

RoAim.exe

Resource

win10v2004-20240704-en

quasar roaim spyware trojan

windows10-2004-x64

13 signatures

600 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

RoAim

C2

fdfsfsdfsfdfdsfs-59990.portmap.host::59990

Mutex

b3e3311a-deb4-40a6-b987-3b04c18fdac4

Attributes

encryption_key
A0B08700DFA1C99CF0B737B2BEF8DABC798B5F02
install_name
Java.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Java
subdirectory
Java

Targets

- Target
  
  RoAim.exe
- Size
  
  3.1MB
- MD5
  
  7b25339a424437e26ee5adddb0df81db
- SHA1
  
  7ce44cc6eafba23227829a3ca82726a90dddc6c4
- SHA256
  
  c115a07b5f78fb5145f60a84f12811011656d2b7f59c53a9160b3baddbb3431a
- SHA512
  
  b0b5e9ff5025559679bb5dba5e58723a5e1777e685975e78b81bdaaa8f32f9c312ca3cb0d2e58d8bd1d94da5a37302875420dc9ce076f917960f55c8b919a350
- SSDEEP
  
  49152:rvDI22SsaNYfdPBldt698dBcjHOv/IE2HTk/uV6oGdrETHHB72eh2NT:rv822SsaNYfdPBldt6+dBcjHOv/Ug7
Score

10^/10

quasar roaim spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarroaimspywaretrojan

behavioral2

quasarroaimspywaretrojan

© 2018-2024

Terms | Privacy