MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 385d985b4b30f4e6abe301be1d8d91582a6f8bb9d73f8753721c8f48a1250abb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	385d985b4b30f4e6abe301be1d8d91582a6f8bb9d73f8753721c8f48a1250abb
SHA3-384 hash:	b4d69e13f1bafea712ed4f133138532f00182f2e0a2cd76507d2fdea4e7a248a5befa7a195a8b799e72a288140d168f1
SHA1 hash:	ee674a35d492b8c8ba24dd5a6655386dd37aff42
MD5 hash:	7790ad1f145742ba59d4ff4df30e69f4
humanhash:	south-pennsylvania-football-nineteen
File name:	bypass-setup.exe
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	89'088 bytes
First seen:	2020-10-04 08:08:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5877688b4859ffd051f6be3b8e0cd533 (119 x Babadeda, 2 x DCRat, 2 x RedLineStealer)
ssdeep	1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf9xTK:fq6+ouCpk2mpcWJ0r+QNTBf9A
Threatray	16 similar samples on MalwareBazaar
TLSH	64936C41F3D242F7EAF10A7100A6712FA73666249724E8DBC34C3D829953AD19A7C3F9
Reporter	JAMESWT_WT
Tags:	exe Quasar QuasarRAT RAT related

Intelligence

File Origin

# of uploads :

1

# of downloads :

196

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/67957/

Detection(s):

PUA.Win.Packer.Purebasic-2

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Running batch commands

Creating a process with a hidden window

Launching a process

Deleting a recently created file

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/480853

Signature

Detected unpacking (overwrites its own PE header)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/385d985b4b30f4e6abe301be1d8d91582a6f8bb9d73f8753721c8f48a1250abb/

Threat name:

Win32.Trojan.Ymacco

Status:

Malicious

First seen:

2020-10-04 08:01:28 UTC

File Type:

PE (Exe)

Extracted files:

2

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

05a8800b05cf0c4293f9dcc297873f36691161746aec7b65e31b0e32c8f0bebb

076dfc0a55afc36cdfd6dff84cfd0feae23029843e745b7f122980b341f7b710

238c224cf8d0b76532ae16f8a8d2682436a176909f382b8747e418f42ccaedeb

28d1ce2d141fcfc52b6b8a81f5424920ba2818a14e8ac201446697ff977082de

329e8814efa351d1c58c275981a39cf0a9ef0f50d8eb8db9bbb8f70020d75204

3ae3550b6baf30136ce9b846725c3322f23ee8428c2984750a2cfe02843993e9

76299e863b71caed1b9950d904d1b52a8174b9077c9d4bc896276881caa46fad

83946c44e144416c6c321a02db9482c7de37073f1a1814a5525504794af402bc

e6db6d5f9019bdefffc749264a267c1927dcf5eba5a7ea3dfb10db457b6b2a16

f5e4f8cf4a6691806c1fa4f0718cae9d5ff5ad41088b57a4cbcdabed09dcba2e

+ 6 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201004-djqwq7am82/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

385d985b4b30f4e6abe301be1d8d91582a6f8bb9d73f8753721c8f48a1250abb

MD5 hash:

7790ad1f145742ba59d4ff4df30e69f4

SHA1 hash:

ee674a35d492b8c8ba24dd5a6655386dd37aff42

Link:

https://www.unpac.me/results/b1791ba6-15f0-4e8a-83b0-72d127686f67/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/385d985b4b30f4e6abe301be1d8d91582a6f8bb9d73f8753721c8f48a1250abb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/67957/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample