MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac
SHA3-384 hash:	b25136f742cb3ef96526c86796b1043ebc53e5ee3a16ac746558dc186e923048c319c8fbbe0526c3ef2a227c4a577363
SHA1 hash:	bbbd03352e8475eff99a728313938cdbeb9c89cc
MD5 hash:	27657c49495afce70c1e53e0304ded6a
humanhash:	dakota-seven-nebraska-jig
File name:	wcXKsg14.exe
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	553'984 bytes
First seen:	2020-03-17 11:53:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'601 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	6144:sKJuiyEnCGnhJlMP5Kq+SMv0VGb7bDcllbkhJh:vzCGL69zVGkllbkB
Threatray	78 similar samples on MalwareBazaar
TLSH	71C4392537A4A53BF5ED0374E5F4A1184BB6FC027516E38E2958FAE828373C486427E7
Reporter	johannes
Tags:	QuasarRAT

viql

quasarrat via https://pastebin.com/raw/wcXKsg14

Intelligence

File Origin

# of uploads :

# of downloads :

109

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Barys-1

Win.Trojan.Generic-6295765-0

Win.Ransomware.Generic-6545091-0

Win.Malware.Generic-6623004-0

Win.Trojan.Generic-6898101-0

Win.Trojan.Generic-6898102-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Quasar

Status:

Malicious

First seen:

2020-03-18 12:58:17 UTC

AV detection:

33 of 45 (73.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=k43s66hzpgvtggr44hv5sfkmn22gotnu3zqmlrvvegju264umowa._file

Verdict:

malicious

QuasarRAT

1a3bf054f01ab4ec1c068ee4bbb5961a3109e61a12374c26501ce7a772279463

QuasarRAT

33eff9415626bfe8ec4229ef6a6b248e0e6b7b1115c84a78724dd9b58336bb28

QuasarRAT

3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6

QuasarRAT

3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d

QuasarRAT

69bc65bef9fd7833c261434e1feb538861fc3359b66bde16a8cc0e8375a7b92c

QuasarRAT

77985fca7ae6b60c8025ba326e3bd1d9949c3fb32b9ca0f99f040be633823a7c

QuasarRAT

7d6e222b4b23f7d10f667027b0de0c51ea5262a415880c90fe60a3596a27a40d

QuasarRAT

a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5

QuasarRAT

a7e7de656010612d8f5741491c7f5e4480d8face10c5f1c445fdfda6d70b4908

QuasarRAT

+ 68 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/wcXKsg14

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample