MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c0ea5386a5ec2a05300bc4703eef315e2bd9c66c2946712a924bda136f71406. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c0ea5386a5ec2a05300bc4703eef315e2bd9c66c2946712a924bda136f71406
SHA3-384 hash: 36ff94fd95b163ab811afecca3396c0697d2784207d672dd9c07af8cd4547a0de7d96f13805f65b20db92ae337205db8
SHA1 hash: 331a523b216f172c1fd1acdf2d74ff151bf86a85
MD5 hash: d6e26b82e85b8f361f294f33cca737c3
humanhash: michigan-oklahoma-massachusetts-fanta
File name:YA-SA tanker appointment.zip
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:857'501 bytes
First seen:2020-10-07 11:40:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:KgudJ6cSlGevbOaeWsY0R2bgCmDplch8vdv0rVL/K:KgcSlGybCnNRUvmDplch8vdsBe
TLSH 790533AC09707448208170F3DEC42DFE60881B84AA6EFA65D9502F55F37F53E4A9EBE5
Reporter cocaman
Tags:QuasarRAT zip


Avatar
cocaman
Malicious email (T1566.001)
From: "ATIQ AHMED <atiqahmed@yasatanker.com>"
Received: "from yasatanker.com (unknown [103.114.106.7]) "
Date: "07 Oct 2020 04:40:27 -0700"
Subject: "Port agency appointment by YA/SA TANKER , NAVIOS HIOS/ 2621040-005/ Tanjung Manis"
Attachment: "YA-SA tanker appointment.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4c0ea5386a5ec2a05300bc4703eef315e2bd9c66c2946712a924bda136f71406/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 11:42:06 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jqhkkodkl3bkauyaxrdqh3xtcxrl3hdgykkgoevjes62cnxxcqda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4c0ea5386a5ec2a05300bc4703eef315e2bd9c66c2946712a924bda136f71406

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QuasarRAT

zip 4c0ea5386a5ec2a05300bc4703eef315e2bd9c66c2946712a924bda136f71406

(this sample)

QuasarRAT

Executable exe 88d7ccc6752536d44a533c184e24437ec1181dc841ed7c1fa6bcc408add5340e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 88d7ccc6752536d44a533c184e24437ec1181dc841ed7c1fa6bcc408add5340e

Comments