MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6
SHA3-384 hash: 098e23ada91d91a3bf0726f90602b81417a94b1af7c2c5139e9dd5ab34c6db1d5e5a596828be9ab7c10a40e58e73f689
SHA1 hash: 03af2c3dc70057fef796493758d750a2f5c61eb4
MD5 hash: a471577e5af444f0c2c529722cfe6752
humanhash: kitten-pennsylvania-nineteen-uncle
File name:m1P2cwfp.exe
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:330'752 bytes
First seen:2020-03-23 10:53:44 UTC
Last seen:2020-03-24 08:30:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 6144:V7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbkfUP2:NlJtTF9zVGkllbkfUO
Threatray 78 similar samples on MalwareBazaar
TLSH DA64382517A8E53BD9AE1774E53141F94A76FC06F516F38F6A183CB8383A38981427E3
Reporter johannes
Tags:QuasarRAT


Avatar
viql
quasarrat via https://pastebin.com/raw/m1P2cwfp

Intelligence

File Origin
# of uploads :
2
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Barys-1
Create hunting rule

Win.Trojan.Generic-6295765-0
Create hunting rule

Win.Ransomware.Generic-6545091-0
Create hunting rule

Win.Malware.Generic-6623004-0
Create hunting rule

Win.Trojan.Generic-6898101-0
Create hunting rule

Win.Trojan.Generic-6898102-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 15:51:00 UTC
AV detection:
28 of 30 (93.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hr3ujmzdnm2lgkw7bm5d2w3yorjtq6gdjuqa2lah7yha4n6lc33a._file
Verdict:
malicious
Similar samples:
04a908a9e407549cb834e945f0afb49da90f7581bda7e2d2cd3871a55997d53b
QuasarRAT
1a3bf054f01ab4ec1c068ee4bbb5961a3109e61a12374c26501ce7a772279463
QuasarRAT
33eff9415626bfe8ec4229ef6a6b248e0e6b7b1115c84a78724dd9b58336bb28
QuasarRAT
3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d
QuasarRAT
57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac
QuasarRAT
69bc65bef9fd7833c261434e1feb538861fc3359b66bde16a8cc0e8375a7b92c
QuasarRAT
77985fca7ae6b60c8025ba326e3bd1d9949c3fb32b9ca0f99f040be633823a7c
QuasarRAT
7d6e222b4b23f7d10f667027b0de0c51ea5262a415880c90fe60a3596a27a40d
QuasarRAT
a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
QuasarRAT
a7e7de656010612d8f5741491c7f5e4480d8face10c5f1c445fdfda6d70b4908
QuasarRAT
+ 68 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/m1P2cwfp
  
Link
https://pastebin.com/raw/aSXHPSnt

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments