MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a1445f029d28343de5ba7bfac35b74bde499f37387398563eda36b4ec85f414. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuasarRAT


Vendor detections: 3



SHA256 hash: 9a1445f029d28343de5ba7bfac35b74bde499f37387398563eda36b4ec85f414
SHA3-384 hash: 04b2089639caf46a64427947d09e9dba637f39a22e7cebc45f82d2aafae46ebbc50c0691018343d783996ad4de8cb0b1
SHA1 hash: eebead4bc843a047845927549c162eaecb430ce5
MD5 hash: 28780500a930862815f253fefede84f6
humanhash: ack-wisconsin-robert-violet
File name: INV-009484_PDF.zip
Signature: QuasarRAT
File size: 1'032'301 bytes
First seen: 2020-10-26 08:53:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:q7EfbOk/YFMpqm+NWUR2X5chAkMg77j42E/+sB0UhwJI:q7KbAMkm+NWI2XBkMIE/+q0UhGI
TLSH: C7252381287837A302A5FB80AE38B9D79B2E37D0BC0E364DB2595C7D55CF4588086F6D
Reporter: abuse_ch
Tags: QuasarRAT RAT zip


abuse_ch
Malspam distributing QuasarRAT:

HELO: tonyhai
Sending IP: 103.225.25.6
From: Finance Team <krajcik@materian.ml>
Subject: RE: HCCI OUTSTANDING PAYMENT $59,459 USD
Attachment: INV-009484_PDF.zip (contains "INV-009484_PDF.exe")

QuasarRAT C2:
23.105.131.241:9000

Intelligence


File Origin
# of uploads: 1
# of downloads: 328
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-26 00:55:35 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QuasarRAT

zip 9a1445f029d28343de5ba7bfac35b74bde499f37387398563eda36b4ec85f414

(this sample)

  
Dropping: QuasarRAT
Delivery method: Distributed via e-mail attachment
