MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7de9a92068f5d5e76df10e9ea374223cc643bd7e48a6ca774f8017aa5e1ee0c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	7de9a92068f5d5e76df10e9ea374223cc643bd7e48a6ca774f8017aa5e1ee0c8
SHA3-384 hash:	42e4eb110c91577e32ce9c1f0ceef9ae7bfcf133c39f880c0925a4f77e90949234ebe6aa6dca1de3dfd6f19f1b1285de
SHA1 hash:	b2711b1340fe09edddabc1ad98455146d57ee83b
MD5 hash:	5838faf5d7857613cb16854a92fb2281
humanhash:	potato-sierra-beryllium-bravo
File name:	yGqCAkXB.exe
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	349'700 bytes
First seen:	2020-03-17 11:21:40 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:fOkumyFKcBodxKniWydCGYJY16W0FmTztBuwtrN5EUcKHYa5OMe:feFBozGiW6Y6sYuyrNyUzYao
Threatray	42 similar samples on MalwareBazaar
TLSH	7E7423C242EDCBEDFE2B09FA7903778A45987996BECD4FF93F52164614B841847023A4
Reporter	johannes
Tags:	QuasarRAT

viql

quasarrat via https://pastebin.com/raw/yGqCAkXB

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Generic-6898101-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Quasar

Status:

Malicious

First seen:

2020-03-18 12:58:44 UTC

AV detection:

29 of 31 (93.55%)

Threat level:

2/5

Verdict:

unknown

QuasarRAT

4118da509f4aace1799d5880924a4101d8ed8ee746e0a03a7f47f3cec76eaf58

QuasarRAT

5c16a29cf3c297635c1d40f3c26e85a147f6c9a1de2fb1dfe9836a3c3b547057

QuasarRAT

68d44fa879791b068793f7c819ea79d31386ac26c40a94a2d4f17c5171244605

QuasarRAT

77146703fc5c722e50ccc571bcfcf55278f5cc86574f4b470ed382bf66447945

QuasarRAT

811afa1cbaa5edfeca8702c1f8579c32885a98e8852c3f188b3adf0b010e6d2a

QuasarRAT

92574e92ed7461639393ef09258609b637fc5e68341c5fe13e460f2dff705d0d

QuasarRAT

9bdea75678155f51df05070d28789a92296f5727a77ea232500b06beb2debd4d

QuasarRAT

c786900907fb436588483d9e7687c3abc6c0d2a72c9dbd17b5bdc1415df4c34f

QuasarRAT

ccb7e7ea08121c1d3d37739b4273e750843fe2296d24ae69a8efb686adbf53c3

QuasarRAT

+ 32 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7de9a92068f5d5e76df10e9ea374223cc643bd7e48a6ca774f8017aa5e1ee0c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/yGqCAkXB

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample