MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 245deb1693e39d6340bcd2e8c9d8f5e78e4906e359172b150a066eb1678987f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 245deb1693e39d6340bcd2e8c9d8f5e78e4906e359172b150a066eb1678987f5
SHA3-384 hash: 2a0a1d94f99113a4eb9321a4c9ecf6c60f0e7134ed9586896c84fd1227a25f453eb24a3e607f09b06251f069931869f7
SHA1 hash: 37af525912b33e49d327b99e985872040b515abf
MD5 hash: 13f7d3dd9fc0840f1a70a5539eda8dca
humanhash: artist-sierra-gee-freddie
File name:SecuriteInfo.com.Trojan.PWS.Siggen2.48626.29959.12172
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:94'720 bytes
First seen:2020-05-28 11:44:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'654 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 1536:WIu4nSdJkWmn2C3QcB8DcO46BTE9AaG6xPDA0XGnD7S8bJxZfy7ggwc:k8Sdyh2C3icF6BTLX6TQSgXZfyj
Threatray 28 similar samples on MalwareBazaar
TLSH EF93182A73C64B25C8983974C1E3843403F2B7C76637C6467ED85ADA8E423E5AD4EBC5
Reporter SecuriteInfoCom
Tags:QuasarRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.48626.29959.12172.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 00:02:55 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
37 of 48 (77.08%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
29790388ca244a8fd3bb2448a59e45fba4dc715fec7a0bf09a7f6d4df79ef9a9
QuasarRAT
414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
QuasarRAT
5013dc9e2ddbe9ddd90af638466379f876b70ebe504d62e72ed166480a4d4f83
QuasarRAT
701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e
QuasarRAT
79c2240abb05bcad2847f6fe50ae69f6a3cbdeea82bdc659e75f85eb59f442f9
QuasarRAT
9b629ce7607ee755d467e058cf51187d2ca5c095d5dc5708826f9c47b06c3c07
QuasarRAT
e39fd52523f742331dc20ee90a051e456561481ef4c360a40ffaac292cb6c37b
QuasarRAT
e3f6a7a2d6628adf2956c3c1f387c2bd178b48e170a71368ae3e7f8c20b8e213
QuasarRAT
e43fb62c12fcf1be9f9982e81a59350a8f9dd2389198c0b332cef832a63aac0f
QuasarRAT
e93b9a00886b7a569dc09337361d246c4ac74d3a061579ea4ad33b9ad19f7bde
QuasarRAT
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ykq3af46jx/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

QuasarRAT

Executable exe 245deb1693e39d6340bcd2e8c9d8f5e78e4906e359172b150a066eb1678987f5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370376/
  
Delivery method
Distributed via web download

Comments