MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c66ad71b16931d7d2d5c4f86fd5abc1dc07afbc32e112e29ba424a8f302d5f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuasarRAT


Vendor detections: 12



SHA256 hash: 1c66ad71b16931d7d2d5c4f86fd5abc1dc07afbc32e112e29ba424a8f302d5f6
SHA3-384 hash: b03550aee48bb16412a0a18ec4a44c875a5a548bb14dc1d34d07b6edd59f4571465311b6e2bf29aa5cf45973a1e7ae56
SHA1 hash: 3384537cd099244d9f2fe2b5e695a14e21022187
MD5 hash: b680f8667123000a6045d363878df69b
humanhash: neptune-venus-venus-idaho
File name: _2xlw_Pulsar-Client.bat
Signature: QuasarRAT
File size: 884'772 bytes
First seen: 2025-10-19 16:25:35 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 24576:zjnbkNZ+aIwWmW0cN8AEy/yL/EccSILwXoJ:z3wZRxW78zynJ
Threatray: 139 similar samples on MalwareBazaar
TLSH: T1571512064F5B97E40F1D75C4113A2F942E6A6FD1C0CED984738091CB9B7F6E2AB29238
Magika: batch
Reporter: 01Xyris
Tags: bat exe QuasarRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: DE
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: _1c66ad71b16931d7d2d5c4f86fd5abc1dc07afbc32e112e29ba424a8f302d5f6.txt
Verdict: No threats detected
Analysis date: 2025-10-19 16:35:23 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 94.9%
Tags: xtreme proxy shell sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: evasive obfuscated powershell

Verdict: Malicious
File Type: unix shell
First seen: 2025-10-19T13:40:00Z UTC
Last seen: 2025-10-19T18:50:00Z UTC
Hits: ~10
Detections: HEUR:Trojan.PowerShell.Agent.gen HEUR:Trojan.BAT.Obfus.gen

Threat name: Script-BAT.Backdoor.Quasar
Status: Malicious
First seen: 2025-10-19 16:32:37 UTC
File Type: Text (PowerShell)

AV detection: 9 of 24 (37.50%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:quasar execution spyware trojan
Behaviour
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Quasar RAT
Quasar family
Quasar payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments