MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 15

Intelligence 15 IOCs YARA 5 File information Comments

SHA256 hash:	995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb
SHA3-384 hash:	18370b5462e897bb1ec10ef49f8a336dcaef9adfa5d137d4b2de3b68291967b932ac882302113d3e8b3b0f35b793399d
SHA1 hash:	30787ceadd3ba032942d2eccc980f8a69cfe0dd1
MD5 hash:	28f127d21e6e4b48840f68ecae3a3743
humanhash:	wolfram-harry-beer-delta
File name:	995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	7'281'152 bytes
First seen:	2025-09-05 12:57:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'669 x AgentTesla, 19'482 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	49152:VyUQsKBA1bf5AVpuM/eCCC6R6bvh84+hQ0Vb7GmZRZ5l9Q37PzQybrmTepC7:omKBjDuM/eCRvT+a0VbykF9Q37PE4rm
Threatray	105 similar samples on MalwareBazaar
TLSH	T173767C3D58CC12B7E5BBD2B5E5F946CBFB51644B32129C0EAADB03891902B867DC231D
TrID	67.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 9.7% (.EXE) Win64 Executable (generic) (10522/11/4) 6.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 4.1% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	adrian__luca
Tags:	exe QuasarRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb

Verdict:

Suspicious activity

Analysis date:

2025-09-05 18:20:44 UTC

Tags:

httpdebugger tool auto-reg

Link:

https://app.any.run/tasks/c7406684-ef5e-456a-bacf-5f8544215767

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

QuasarStealer

Link:

https://www.capesandbox.com/analysis/25510/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68bade57eb163e0ec1847fbb

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Сreating synchronization primitives

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

expand lolbin obfuscated obfuscated obfuscated remote tracker vbnet

Link:

https://www.filescan.io/uploads/68bae88937c25fcf12d4c6ab/reports/5fe1f570-44d5-4752-9870-22be5f8bd589/overview

Verdict:

Malicious

Labled as:

Jalapeno.Generic

Link:

https://www.hybrid-analysis.com/sample/995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-08-18T23:21:00Z UTC

Last seen:

2025-08-18T23:21:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d31be286-621a-4f8d-b018-01780f4a4c33

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb/

Threat name:

Win32.Trojan.Jalapeno

Status:

Malicious

First seen:

2025-08-19 02:39:42 UTC

File Type:

PE (.Net Exe)

Extracted files:

291

AV detection:

25 of 38 (65.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tfpbzmjcj3ksul5cgekzvpal324n5dpn2uqimzxwing7q7vbk25q._file

Verdict:

malicious

Label(s):

quasarrat

QuasarRAT

2fd66245852c8e1c7c5aa9354e333c4af0e05804ffccf349981286b7bb23abfb

QuasarRAT

995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb

QuasarRAT

b98bd65a0927c3dfc381b13df96e666fa2bb5bead3284864bc904b3ad657a6dc

QuasarRAT

c1b011778271c50b58e7d1cc972434f98671118a3dd381dc4fd5f52b5f2c42a2

QuasarRAT

error

QuasarRAT

+ 95 additional samples on MalwareBazaar

Result

Malware family:

quasar

Score:

10/10

Tags:

family:darktortilla family:quasar botnet:eb crypter discovery execution loader persistence spyware trojan

Link:

https://tria.ge/reports/250905-qy7hpaxmv3/

Behaviour

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Executes dropped EXE

Darktortilla

Darktortilla family

Detects Darktortilla crypter.

Quasar RAT

Quasar family

Quasar payload

Malware Config

C2 Extraction:

ebube.ydns.eu:2024

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/03ad41f8-0605-4465-b9d6-c33f59cca5d9

Unpacked files

SH256 hash:

995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb

MD5 hash:

28f127d21e6e4b48840f68ecae3a3743

SHA1 hash:

30787ceadd3ba032942d2eccc980f8a69cfe0dd1

Link:

https://www.unpac.me/results/67bb2f6c-2473-4e15-b6da-5e7f780c4b1a/

SH256 hash:

b3e02d319db43642650fdfe96d8d3810c7b97184ffbf6c9c5debdf46074da11a

MD5 hash:

8eca23243d7823359fb90676bd94b4a1

SHA1 hash:

774559b747bbc15c07add310402c83611470d09f

Link:

https://www.unpac.me/results/67bb2f6c-2473-4e15-b6da-5e7f780c4b1a/

Malware family:

QuasarRAT

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/995e1cb1224e/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/995e1cb1224ed52a2fa231159abc0bdeb8de8dedd5208666f6434df87ea156bb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/25510/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample