MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45ef6e4f80f8619585cb239d12cc89dddff3cc158600fdf33fc4834b1f8b49a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuasarRAT


Vendor detections: 13



SHA256 hash: 45ef6e4f80f8619585cb239d12cc89dddff3cc158600fdf33fc4834b1f8b49a6
SHA3-384 hash: c1b72526f4328b343b73e1217f8be773df9bdf5db1701e7f7d68c5943b7d6a6172940015c28ad4e9696ce6b01f7255e1
SHA1 hash: 702452628ecaae717dfe273319dc8de15217f50f
MD5 hash: f0e77390c4f252b0f558535bb81e21e9
humanhash: april-lion-louisiana-fix
File name: jfqca_Pulsar-Client.bat
Signature: QuasarRAT
File size: 888'214 bytes
First seen: 2025-10-19 16:25:37 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/plain
ssdeep: 24576:XjnbkNZ+aIwWmW0cN8AEy/yL/EccSILwXoJ:X3wZRxW78zynJ
Threatray: 189 similar samples on MalwareBazaar
TLSH: T10F1512024E5BB6E48F1D75C4112D2F502E692EC9E0CED98732C071CB9B7F5E2A6A7634
Magika: txt
Reporter: 01Xyris
Tags: bat exe QuasarRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: DE

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: jfqca_Pulsar-Client.bat
Verdict: Malicious activity
Analysis date: 2025-10-19 16:27:16 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 92.5%
Tags: xtreme proxy shell sage
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: evasive obfuscated powershell
Verdict: Malicious
File Type: unix shell
First seen: 2025-10-19T13:54:00Z UTC
Last seen: 2025-10-19T14:15:00Z UTC
Hits: ~10
Detections: Trojan.Agent.UDP.C&C PDM:Trojan.Win32.Generic HEUR:Trojan.BAT.Alien.gen
Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2025-10-19 16:33:38 UTC
File Type: Text (Batch)
AV detection: 3 of 24 (12.50%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:quasar execution spyware trojan
Behaviour
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Quasar RAT
Quasar family
Quasar payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
