MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdff3872ee296b3b4aead501690e25f79f8819416d6b79e1567861f56c9f6974. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: bdff3872ee296b3b4aead501690e25f79f8819416d6b79e1567861f56c9f6974
SHA3-384 hash: 2079a055a139b019ea53914222bde312b84d39dbf3f656fb1d4f2f72e9a5963826f0b71c0775270e125feee57dc4ee92
SHA1 hash: 0392a4e492223d6a1ae8949e23873261ff1841f3
MD5 hash: 9027279b579a25d2983cd4f8ee20b4f2
humanhash: november-september-speaker-glucose
File name: babaxv2.exe
Signature: QuasarRAT
File size: 613'376 bytes
First seen: 2020-06-29 20:27:32 UTC
Last seen: 2020-06-29 21:51:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 476f92c8f9ddbcb805cdc5c61fbc5635
ssdeep 12288:vAAepzM+rHSUiheP+M9mRsysvodFM2bZciqEPkckC:vxe2u+bZ
TLSH 1CD4FB213AFB004DF3E7AFA65FD8F8BF896AF673560A70B9205107464722E418D91736
Reporter: @James_inthe_box
Tags: exe QuasarRAT

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 38
Origin country: FR
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/16665/
ClamAV: SecuriteInfo.com.Generic.mg.9027279b579a25d2.22436.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/bdff3872ee296b3b4aead501690e25f79f8819416d6b79e1567861f56c9f6974/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Bluteal
First seen: 2020-06-29 20:26:38 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 1/10
Malware Family: n/a
Link: https://tria.ge/reports/200629-zra6n844da/
Tags: n/a
VirusTotal: Virustotal results 25.00%

Yara Signatures


Rule name: Quasar_RAT_1
Author: Florian Roth
Description: Detects Quasar RAT
Reference: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
