MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d
SHA3-384 hash: 2500a9ec68cb4ee2e068137a662b7b13714fb469f0eb5440539ec5aba0c42e39dfe2a4e674b5cd56b4a6e3dee656b0be
SHA1 hash: 215ca86a7564e5d6d1b381b7e7ba2f173f352b29
MD5 hash: 53e4f023e55a1ce7ed3959a3e9fce5c6
humanhash: magazine-cardinal-failed-mockingbird
File name:53e4f023e55a1ce7ed3959a3e9fce5c6.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:5'570'048 bytes
First seen:2020-06-02 07:12:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 802605d2a3f830bc047f8f1d7e3b6d63 (1 x AsyncRAT)
ssdeep 98304:MSmZ35l2WBUr/8nOyWPW9s33RAUzqIBPS4o49bYpOfMPdKSlWA8eXK:MFZ35lcr/8AUs33R/zBKUNSKSwAFXK
Threatray 112 similar samples on MalwareBazaar
TLSH 9F46237351690045E7F68439C523BEE532FB1266CB81A4B464F7EAD43A66DF0E323983
Reporter abuse_ch
Tags:AsyncRAT exe RAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2020-05-30 16:03:55 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hzn37h6k5emachwe53tvvrsaf7o7edij734vwnrnbyrg2vvyb4oq._file
Verdict:
malicious
Label(s):
remcos
Create hunting rule
Similar samples:
04a908a9e407549cb834e945f0afb49da90f7581bda7e2d2cd3871a55997d53b
AsyncRAT
1a3bf054f01ab4ec1c068ee4bbb5961a3109e61a12374c26501ce7a772279463
AsyncRAT
33eff9415626bfe8ec4229ef6a6b248e0e6b7b1115c84a78724dd9b58336bb28
AsyncRAT
3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6
AsyncRAT
57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac
AsyncRAT
69bc65bef9fd7833c261434e1feb538861fc3359b66bde16a8cc0e8375a7b92c
AsyncRAT
77985fca7ae6b60c8025ba326e3bd1d9949c3fb32b9ca0f99f040be633823a7c
AsyncRAT
7d6e222b4b23f7d10f667027b0de0c51ea5262a415880c90fe60a3596a27a40d
AsyncRAT
a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
AsyncRAT
a7e7de656010612d8f5741491c7f5e4480d8face10c5f1c445fdfda6d70b4908
AsyncRAT
+ 102 additional samples on MalwareBazaar
Result
Malware family:
quasar
Create hunting rule
Score:
  10/10
Tags:
family:quasar persistence spyware trojan vmprotect
Link:
https://tria.ge/reports/201109-d7egjkajpe/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Adds Run key to start application
Looks up external IP address via web service
Executes dropped EXE
Quasar RAT
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments