MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37565b55aafaf0e15de3bbc9ee91d4c3f42f86d569c41048c92f5dc380d11e77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuasarRAT


Vendor detections: 13



SHA256 hash: 37565b55aafaf0e15de3bbc9ee91d4c3f42f86d569c41048c92f5dc380d11e77
SHA3-384 hash: 318b2d3890dfc3b378df00f1c6174fbdf3a1b691e8a12a4fff092fc62cd748686b6ca45bfcc98e76ff0160dec031c543
SHA1 hash: d5df2e91c638b5a49f5c083ba6614040df61a6e3
MD5 hash: d00c7159b1664412e8c270298083600a
humanhash: cup-one-louisiana-equal
File name: Pulsar-Client.bat
Signature: QuasarRAT
File size: 890'154 bytes
First seen: 2025-10-19 16:25:39 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/plain
ssdeep: 24576:7jnbkNZ+aIwWmW0cN8AEy/yL/EccSILwXoJ:73wZRxW78zynJ
Threatray: 147 similar samples on MalwareBazaar
TLSH: T11E1512020E5BF6E48F1D71C4112D1F502E692E89E0CED987B2C271CB9B7F5D2A6A7634
Magika: txt
Reporter: 01Xyris
Tags: bat exe QuasarRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: DE
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: Pulsar-Client.bat
Verdict: Malicious activity
Analysis date: 2025-10-19 16:27:16 UTC
Tags: crypto-regex
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 81.4%
Tags: proxy shell spawn sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: evasive obfuscated powershell

Verdict: Malicious
File Type: unix shell
First seen: 2025-10-19T13:51:00Z UTC
Last seen: 2025-10-19T14:05:00Z UTC
Hits: ~10
Detections: Trojan.Agent.UDP.C&C PDM:Trojan.Win32.Generic HEUR:Trojan.BAT.Alien.gen

Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2025-10-19 16:33:39 UTC
File Type: Text (Batch)
AV detection: 3 of 24 (12.50%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:quasar execution spyware trojan
Behaviour:
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Quasar RAT
Quasar family
Quasar payload

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments