MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2
SHA3-384 hash:	bced87c6cfee845ec0ee30261a9eeb20476f6ebcd90b67212626b89176db24be9b1fb48cd074e032e4d44bf36f58ce72
SHA1 hash:	908a42a0f26dae156b5a0a73bc7a56fc144572df
MD5 hash:	78730d3b13c2fccc5408b14f62b01ed6
humanhash:	illinois-five-robert-sad
File name:	A.hta
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	13'520 bytes
First seen:	2026-03-31 12:46:57 UTC
Last seen:	Never
File type:	hta
MIME type:	text/html
ssdeep	384:Ya3Jne6BkOMKJCGFkDd6KFrwjSswoRkHge2MM62c7kOaq/JnFSWsu9d3zyQBziJZ:YI3Z
TLSH	T12052992C09BDFA5893D9E316EB99F3276D461CAFD2B875172AB38C6DA0024C045DB4C7
Magika	html
Reporter	JAMESWT_WT
Tags:	github-com--ashduasdoasdoasd hta QuasarRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Detection(s):

TwinWave.EvilHTA.DridexEsqCigarettesNAlcohol.M2.20211202.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cbc31e3a18a6e1ddf00593

Tags:

obfuscate xtreme sage

Result

Verdict:

Malicious

File Type:

HTA File - Malicious

Link:

https://app.docguard.net/32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2/results/dashboard

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 powershell

Link:

https://www.filescan.io/uploads/69cbc2502346b9da57b35ba1/reports/a71c3cde-43ba-4756-bfa2-5349e9e00016/overview

Verdict:

Malicious

Labled as:

VBS:Electryon.420

Link:

https://www.hybrid-analysis.com/sample/32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2

Verdict:

Malicious

File Type:

hta

First seen:

2026-03-31T10:13:00Z UTC

Last seen:

2026-04-01T00:47:00Z UTC

Hits:

~10

Detections:

Trojan-PSW.MSIL.Agent.sb Trojan-Downloader.Win32.Bitser.sb Trojan-Downloader.JS.SLoad.sb Trojan.MSIL.Agent.sb PDM:Exploit.Win32.Generic HEUR:Trojan-Banker.MSIL.ClipBanker.gen HEUR:Trojan.Win32.Generic HEUR:Trojan.MSIL.Convagent.gen Backdoor.MSIL.PulsarRAT.sb Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Html

Link:

https://app.malva.re/file/78730d3b13c2fccc5408b14f62b01ed6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2/

Verdict:

Malicious

Threat:

Family.QUASAR

Link:

https://tip.neiki.dev/file/32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2

Threat name:

Script-WScript.Trojan.Electryon

Status:

Malicious

First seen:

2026-03-30 17:00:18 UTC

File Type:

Text (VBS)

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=glyvfoqv7fqmks7g7ixlv2w4wibbdls254gttbw63qsxrj64hcra._file

Result

Malware family:

quasar

Score:

10/10

Tags:

family:quasar discovery dropper execution spyware trojan

Link:

https://tria.ge/reports/260331-p1a2tsdw2y/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Contacts third-party web service commonly abused for C2

Checks computer location settings

Command and Scripting Interpreter: PowerShell

Download via BitsAdmin

Downloads MZ/PE file

Quasar RAT

Quasar family

Quasar payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/32f152ba15f960c54be6fa2ebaeadcb20211ae5aef0d3986dedc2578a7dc38a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample