MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 951c5ad4302e1b867d5636c5d1f663bd97dd07df8844800fe79bf7ed380a0668. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 951c5ad4302e1b867d5636c5d1f663bd97dd07df8844800fe79bf7ed380a0668
SHA3-384 hash: 549b242afe634815af04d249524106b37cf69bf65dd563963078fd98581ecebdf3c08fb46a408b1644f1f8ae0c8bf6f0
SHA1 hash: bd32a8deb97df81472d85aaf7741ebfd9d19543d
MD5 hash: 92378e10943a1a329ab349e3b1d97997
humanhash: mars-carolina-speaker-edward
File name:Xeron_Scan2021002111002.zip
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:2'119'929 bytes
First seen:2021-01-07 10:05:06 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:/aO7m+PWFRG/mVwW4b0PzW4AjOsvaG5doKDmD9aDx7ncVMbr:/aOqLG/mi7QPC4Ajdyg6KDmD9aDpFbr
TLSH 04A5339E69EC2D2F312951EB5DBE31344D95A036E1429C8FFA6C29F821333ED503E582
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sineicom.co.jp
Sending IP: 119.245.208.68
From: FedEx <yasu-sema@sineicom.co.jp>
Subject: Unable to deliver your parcel
Attachment: Xeron_Scan2021002111002.zip (contains "Xeron_Scan2021002111002.doc")

Intelligence

File Origin
# of uploads :
1
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27301.RtfHeur.BadVer.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.FakeRTF-2.UNOFFICIAL
Create hunting rule

MiscreantPunch.RTF.2017-0199.Obfus.170830.UNOFFICIAL
Create hunting rule

MiscreantPunch.RTF.2017-0199.Obfus.171711.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.DOCXSTRGOOD.RTFSTR._E_R_N_E_L_3_2_OADLIBRARYW_S_ETPROCADDRESS_.200622.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/951c5ad4302e1b867d5636c5d1f663bd97dd07df8844800fe79bf7ed380a0668/
Threat name:
Document-Office.Exploit.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 10:06:06 UTC
AV detection:
6 of 46 (13.04%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=suofvvbqfynym7kwg3c5d5tdxwl52b67rbciad7htp362oakazua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Bloodhound
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/951c5ad4302e1b867d5636c5d1f663bd97dd07df8844800fe79bf7ed380a0668

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QuasarRAT

zip 951c5ad4302e1b867d5636c5d1f663bd97dd07df8844800fe79bf7ed380a0668

(this sample)

QuasarRAT

Word file doc 185ba54811bf367e51e498ccb60534544790abe9d757a5fd2fdd4ff94c2cd912

  
Dropping
MD5 ee4b4ee2e0170b4ae098c8bcf37c2226
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 185ba54811bf367e51e498ccb60534544790abe9d757a5fd2fdd4ff94c2cd912

Comments