MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69bc65bef9fd7833c261434e1feb538861fc3359b66bde16a8cc0e8375a7b92c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	69bc65bef9fd7833c261434e1feb538861fc3359b66bde16a8cc0e8375a7b92c
SHA3-384 hash:	3af217acd064696c720967c3c74661ccdeb2f6b3fa10ad0052eda2ad557e7c3859d03057c9b327bd2ccb213cb3f42085
SHA1 hash:	597c4048fece8c50ec0fbe4c8d1808451544e1e3
MD5 hash:	796ad11c1b34cb14531493c144876284
humanhash:	failed-maine-twelve-pennsylvania
File name:	nMFzv1nU.exe
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	553'984 bytes
First seen:	2020-03-17 14:56:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:KKJuiyEnCGnhJlMP5Kq+SMv0VGb7bDcllbkuJh:5zCGL69zVGkllbkm
Threatray	78 similar samples on MalwareBazaar
TLSH	74C4292537A4A53BF5ED0374E5F4A1184BB6FC027416E38E2958F6E928373C486427E7
Reporter	johannes
Tags:	QuasarRAT

viql

quasarrat via https://pastebin.com/raw/nMFzv1nU

Intelligence

File Origin

# of uploads :

# of downloads :

108

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Barys-1

Win.Trojan.Generic-6295765-0

Win.Ransomware.Generic-6545091-0

Win.Malware.Generic-6623004-0

Win.Trojan.Generic-6898101-0

Win.Trojan.Generic-6898102-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Quasar

Status:

Malicious

First seen:

2020-03-18 12:58:10 UTC

AV detection:

33 of 45 (73.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ng6glpxz7v4dhqtbinhb722trbq7ym2zwzv54fvizqhig5nhxewa._file

Verdict:

malicious

QuasarRAT

1a3bf054f01ab4ec1c068ee4bbb5961a3109e61a12374c26501ce7a772279463

QuasarRAT

33eff9415626bfe8ec4229ef6a6b248e0e6b7b1115c84a78724dd9b58336bb28

QuasarRAT

3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6

QuasarRAT

3e5bbf9fcae918011ec4eee75ac6402fddf20d09fef95b362d0e226d56b80f1d

QuasarRAT

57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac

QuasarRAT

77985fca7ae6b60c8025ba326e3bd1d9949c3fb32b9ca0f99f040be633823a7c

QuasarRAT

7d6e222b4b23f7d10f667027b0de0c51ea5262a415880c90fe60a3596a27a40d

QuasarRAT

a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5

QuasarRAT

a7e7de656010612d8f5741491c7f5e4480d8face10c5f1c445fdfda6d70b4908

QuasarRAT

+ 68 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/69bc65bef9fd7833c261434e1feb538861fc3359b66bde16a8cc0e8375a7b92c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/nMFzv1nU

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample