MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e693913fbc2e1f247d97c7455cdf1ff2976c20aa4245c45c9343f6cb5a8e3d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuasarRAT


Vendor detections: 2



SHA256 hash: 0e693913fbc2e1f247d97c7455cdf1ff2976c20aa4245c45c9343f6cb5a8e3d5
SHA3-384 hash: 783a16ff5cfeac04fff2847dad65a86de7a86a3aa6bdb59fe8afce63ce0e81c8dda154162064f21824b3c368681c8079
SHA1 hash: 120d1d994884d5f67260072e0d3d44d05ff0f69c
MD5 hash: 0d342b286bccceaca75a5b0a6584884b
humanhash: island-ack-autumn-maryland
File name: Company Details and Products.pdf.img
Signature: QuasarRAT
File size: 1'519'616 bytes
First seen: 2020-11-19 08:32:58 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:eOdMrF///F53jIWQuTXIZK131ZEhNT8rlwR4Q:I
TLSH: 9565E9B901CE5262E2AFCB39667FBE644072B5C7BFC679481378F1710EB96967A0010D
Reporter: abuse_ch
Tags: img QuasarRAT RAT


abuse_ch
Malspam distributing QuasarRAT:

HELO: mx.topogrupe.lt
Sending IP: 88.119.142.178
From: Robertas Kregždė <robertas.kregzde@mob.topocentras.lt>
Subject: Exclusive Distribution Republic Of Moldova Topocentras Global d.o.o. 19/11/2020
Attachment: Company Details and Products.pdf.img (contains "Company profile and products.scr")

QuasarRAT C2:
morelogs.thruhere.net:4788 (103.28.70.59)

Intelligence


File Origin
# of uploads: 1
# of downloads: 168
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QuasarRAT

img 0e693913fbc2e1f247d97c7455cdf1ff2976c20aa4245c45c9343f6cb5a8e3d5 (this sample)

Dropping: QuasarRAT
Delivery method: Distributed via e-mail attachment
