MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ae928c8a8883074e5f80a0cbc4dda70084b616b451c744223e6ab9aee10ec3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ae928c8a8883074e5f80a0cbc4dda70084b616b451c744223e6ab9aee10ec3f
SHA3-384 hash: e8ad61db423b8a20c0ee4b4abe3f15c4bc1bdbc6eb85dc52cf0fc3f3a51a06e24becba90fba373f60b7ac31df69a21ab
SHA1 hash: cb1a30c8390fd91c87a89d9c179b6f198ca4d583
MD5 hash: dec4dc0180437cb4e62615be75089570
humanhash: lemon-equal-chicken-tango
File name:PO91666. pdf.rar
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:161'611 bytes
First seen:2020-11-20 07:43:21 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:vBcc98l2TqKjMB6Yyt8ybMy/Jl3carM8e2fzSlDsT7Z1EYbyp:vBshs0KQALMvz2fz6P
TLSH D7F312EEF492309B47F4A66FEB94472A6FDFCD22B66C0E875800A37704392055156FE4
Reporter abuse_ch
Tags:QuasarRAT rar RAT


Avatar
abuse_ch
Malspam distributing QuasarRAT:

HELO: smtp204.alice.it
Sending IP: 82.57.200.100
From: Romeo Giovanni<vcalzolari64@tim.it>
Reply-To: <sales@prodigy.com.mx>
Subject: Re: PO91666
Attachment: PO91666. pdf.rar (contains "PO91666. pdf.exe")

QuasarRAT C2:
zxupvn.hopto.org:1212 (23.105.131.179)

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1ae928c8a8883074e5f80a0cbc4dda70084b616b451c744223e6ab9aee10ec3f/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-11-20 00:00:34 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dlusrsfirayhjzpybiglyto2oaeewylliuohiqrd42vzv3qq5q7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QuasarRAT

rar 1ae928c8a8883074e5f80a0cbc4dda70084b616b451c744223e6ab9aee10ec3f

(this sample)

QuasarRAT

Executable exe 471a91b4f8d67792bf0b5a67460fb7fe335db4963a7154c0cc20fe7461a87514

  
Dropping
MD5 a6632c024290226c386f8a535d87b7f4
  
Dropping
QuasarRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 471a91b4f8d67792bf0b5a67460fb7fe335db4963a7154c0cc20fe7461a87514

Comments