MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec
SHA3-384 hash: d86cb94e465c7578d2a13ec8c0b485faba3dc3ca0d51423045b7e8b47fc6920fd4146ca72de9a6e3b8f1ebc74d979c43
SHA1 hash: 9893c717856097fa5bc91d0171f140f192c5e62c
MD5 hash: bb1df94080cfd1c1c58656d8a850bc3d
humanhash: blue-green-kitten-lemon
File name:8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec.bat
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:1'224'766 bytes
First seen:2026-03-31 15:04:31 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/x-msdos-batch
ssdeep 24576:34ZGzNkeJTlDC6/2rRrTGjKJWtllfEI06n:Fnx2utME
Threatray 318 similar samples on MalwareBazaar
TLSH T1544502B123D26FBBFDA88A1463B8798D19F25F9F06801F1F66723A403B499C61036D5D
Magika batch
Reporter JAMESWT_WT
Tags:bat github-com--ashduasdoasdoasd QuasarRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
IT IT
Vendor Threat Intelligence
Gathering data
Malware family:
n/a
ID:
1
File name:
8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec.bat
Verdict:
Malicious activity
Analysis date:
2026-03-31 15:05:40 UTC
Tags:
pulsar rat crypto-regex
Link:
https://app.any.run/tasks/3361e3b2-0961-40dd-a75b-a80a7e68349b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/59924/
Detection(s):
SecuriteInfo.com.Other.Malware-gen.79487261.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69cbe2bf6363ca5d27f03cc5
Tags:
vmdetect emotet
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Delayed reading of the file
Launching a process
Creating a window
Creating a file
Sending a custom TCP request
Creating a process with a hidden window
Creating a process from a recently created file
Сreating synchronization primitives
Connection attempt
Unauthorized injection to a recently created process
Verdict:
Malicious
Labled as:
TrojanDownloader/BAT.Agent
Link:
https://www.hybrid-analysis.com/sample/8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec
Verdict:
Clean
File Type:
text
Link:
https://opentip.kaspersky.com/8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec/results?tab=lookup
Score:
97%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec
Threat name:
Script-BAT.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2026-03-27 01:57:06 UTC
File Type:
Text (Batch)
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rbj54dpymir2tkaqqfpyeft53glqxe2npqhpnnj3nwitzh54ipwa._file
Verdict:
malicious
Label(s):
quasarrat
Create hunting rule
Similar samples:
0b5c1b777491d7f267bdb5b1eb6e687323799f85ea5eac44f3db11a84c7f505c
QuasarRAT
2b27e0ac82a80a95f243c3f1f55e12870f0d7840b9761cb28d2d32f08c6f9d32
QuasarRAT
a7c4b700d55ace0c0b6e2005a507aa4cec3e76e23e33a5a22cd3e004cc18f652
QuasarRAT
de4a52117da22ace7c927b2355a20af7091fb0461828daff9fd1eae90df7adde
QuasarRAT
e6a5b25f6908df2812d77e1b071f71002eae1c6584da91bbb571d073c2ec2c6b
QuasarRAT
error
QuasarRAT
fc9003092baa0c5121ef92753ac46c2372620f423fa700896b52ae1413ebe75d
QuasarRAT
+ 308 additional samples on MalwareBazaar
Result
Malware family:
quasar
Create hunting rule
Score:
  10/10
Tags:
family:quasar defense_evasion execution spyware trojan
Link:
https://tria.ge/reports/260331-sgcyvsbw2p/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Deobfuscate/Decode Files or Information
Executes dropped EXE
Command and Scripting Interpreter: PowerShell
Quasar RAT
Quasar family
Quasar payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/59924/

Comments