MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 461b057f2464cee8b9bb8715c84da7d4f65913b9702dc839c2152e496d232af1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: QuasarRAT
Vendor detections: 3

SHA256 hash: 461b057f2464cee8b9bb8715c84da7d4f65913b9702dc839c2152e496d232af1
SHA3-384 hash: 3aa35e44e4abef2702a760b7d29b0b4208763972a1ed3215227de104b42af918999d355f9cb2462391acdf37ac0a5c7e
SHA1 hash: 4f8c86191dad459d189517219508f8b7b94cac52
MD5 hash: 8291e6cf44e875a133a6fd343bd922a6
humanhash: failed-iowa-oven-charlie
File name: OC6543366.z
Signature: QuasarRAT
File size: 472'296 bytes
First seen: 2020-05-13 16:45:57 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:GBY7faqzrlIVts8pxntH/tkgudSxRk+JkwRGq4I3UfO1:GBAfaqPlOt3ptfKgudMJk0b
TLSH: F5A4237A3C03F34E6C1F56D9A52F2AAEDC55877D74CAB8F22D0A92006C19C1B53B44E9
Reporter: abuse_ch
Tags: QuasarRAT RAT z


abuse_ch
Malspam distributing QuasarRAT:

HELO: webmail.active.by
Sending IP: 185.47.152.61
From: Beate Grabelus <m@lsm.by>
Reply-To: Beate Grabelus <m@lsm.by>
Subject: Order Confirmation
Attachment: OC6543366.z (contains "gPUVWSQf8weGGSn.exe")

QuasarRAT C2:
graceofgod.myftp.biz:4061

Intelligence

File Origin
# of uploads: 1
# of downloads: 128
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 17:36:26 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: QuasarRAT
Sample: z 461b057f2464cee8b9bb8715c84da7d4f65913b9702dc839c2152e496d232af1 (this sample)
Dropping: QuasarRAT
Delivery method: Distributed via e-mail attachment