MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ea29fa9ad61f55762d2d1d3ce608c3fdfe4007802514042552293ce86af0454. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ea29fa9ad61f55762d2d1d3ce608c3fdfe4007802514042552293ce86af0454
SHA3-384 hash: 548ac11c65a7b1de4d4d2b47edbd35b2472b98d1ba775f16d4d39a4acd6179865aca95d7fe1dcefcecfeeab80c866019
SHA1 hash: e396e72ae914e3830317984cf20d525fc7ab9141
MD5 hash: 31fec4218b90b6292e472159c1118d1d
humanhash: steak-pip-batman-georgia
File name:9ca904cab20986be55e27beb7dc50ba6.exe
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:356'352 bytes
First seen:2020-04-07 19:25:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 6144:M2NHXf500MWsw/eNhB7obyJDGo4FE/WfPR4G:jd50Hw/etTH4m/WOG
Threatray 97 similar samples on MalwareBazaar
TLSH A9747C1367A8E93BD1FD177BE43205145BB0D883B712E38B5A6856BCAC123868D917F3
Reporter abuse_ch
Tags:exe GuLoader QuasarRAT


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=15pTbLXfNk0mtRAYoScGhAvEF7061wD_t

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6295765-0
Create hunting rule

Win.Malware.Generic-6623004-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Tinclex
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 19:36:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
38 of 46 (82.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f2rj7knnmh2voyws2hj44yemh7p6iadyajiuaqsvekj45bvparka._file
Verdict:
malicious
Similar samples:
025432a99764f95f01790ed77271c9f52c44bd6f08763d4ea77b81afbcad6485
QuasarRAT
06749098537b1e1e031e5d568e5e6d3f0bd89ca921953909b42c271b0a3fe5f0
QuasarRAT
0936bab6d42d8ed4f6d2bcc30be32f3864376dd1da6575cabc4d681de87cb387
QuasarRAT
0eaa5bbea25ef06214bc21deab41eb7f5bdcdd4c24b0297a28607d30edf65ae1
QuasarRAT
17a3a230d310ff684cf08306fe34d13c9505ac612942875a19c98b5d000119b0
QuasarRAT
60d1ea55d2ecbd3f8289c2d11413ad2378551b8c87126d81483d18101bbd8e4a
QuasarRAT
759650986713eaf7fe5021ead7a0994f33767c14b6a7caf1079379b087df21fe
QuasarRAT
9dfc0d127c1129cd943b1c6ea494a01b40b6b29656db9a44f3dc3231db127a0e
QuasarRAT
d478602bac8b8f334f06644dd92fbe60cbba6815ced96503c7aab4df6f305e77
QuasarRAT
fec56ffb3c5a61bffba235044da127eae17d9772dbd3817b8a5ce8cad0e93cb1
QuasarRAT
+ 87 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

36d8128336af2fa7eae9d63f990d13b8cf0a36a84e41fd71ae1f3444298fe998

QuasarRAT

Executable exe 2ea29fa9ad61f55762d2d1d3ce608c3fdfe4007802514042552293ce86af0454

(this sample)

  
Dropped by
MD5 9ca904cab20986be55e27beb7dc50ba6
  
Dropped by
MD5 c640eb785683430928f4c640b671355f
  
Dropped by
GuLoader
  
Dropped by
SHA256 36d8128336af2fa7eae9d63f990d13b8cf0a36a84e41fd71ae1f3444298fe998
  
Dropped by
SHA256 17055c5258567baf8986041b6b70c05199e14a499e0d7f841a9a5709e44cb8fc
  
URLhaus
https://urlhaus.abuse.ch/url/336252/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments