MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0
SHA3-384 hash: dd73960af6c18ea6a52420a7f6435f17ae59acaf40bbc6f5428e86efdcd9762de584e084e69e08cc717ab3a9bf840e66
SHA1 hash: 1430a4d71665a27bd8e4937cc0f7cef6f4ad3a9a
MD5 hash: 0135c1b313921dc0ecdd607f08b2f5fd
humanhash: winter-eight-kansas-whiskey
File name: c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0
Signature: QuasarRAT
File size: 1'421'312 bytes
First seen: 2020-06-30 06:55:21 UTC
Last seen: 2020-06-30 07:45:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 24576:ZSOrFaNxOsPHdK6vYPQKzuK0TzzrNZOHUqME:gOrECiKUY4fz3NZOH
TLSH: 7A657A60A255562FC4F7D6B50210918733E4BD33BB88FB1A6DC03199987EA3D0E37A97
Reporter: @JAMESWT_MHT
Tags: QuasarRAT

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 29
Origin country: IT
CAPE Sandbox:
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/16845/
ClamAV: SecuriteInfo.com.Trojan.GenericKD.43411021.19016.26667.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Coins
  First seen: 2020-06-29 18:09:28 UTC
  AV detection: 21 of 31 (67.74%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 7/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-xctyx6ld82/
  Tags: discovery spyware persistence
VirusTotal: Virustotal results 13.70%

Yara Signatures


Rule name: Quasar_RAT_1
Author: Florian Roth
Description: Detects Quasar RAT
Reference: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments