MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cdcc531878d3a23d2da833a058efa100b91d212e4d5780cb21d5d36db0cbd01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9cdcc531878d3a23d2da833a058efa100b91d212e4d5780cb21d5d36db0cbd01
SHA3-384 hash: db82222de8d46b8533d57217557400a3ce68dfcf08e21d4e02d4e7aa1aa709bfa314a151fca6bf8a1c31020e72635fa1
SHA1 hash: 140e50f19ec087ca777845c03da153aa34cae8d6
MD5 hash: a53c69b6933545ce2d467b39487652fd
humanhash: oregon-spaghetti-carbon-pip
File name:G0dUQzCA.exe
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:356'352 bytes
First seen:2020-03-11 07:56:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:pzNHXf500MlCAfyeP7pbuId3MzxhIeNUdyTfr0S:Nd50/pfyS443MkeNUdyTfIS
Threatray 83 similar samples on MalwareBazaar
TLSH 06748D1333A4EA7BE1BE173AE432071947B0D853B616E3CB5A5A55B92D133868D813F3
Reporter johannes
Tags:QuasarRAT


Avatar
viql
quasarrat via https://pastebin.com/raw/G0dUQzCA

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Agent-7661574-0
Create hunting rule

Win.Trojan.Generic-6295765-0
Create hunting rule

Win.Malware.Generic-6623004-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Tinclex
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 13:21:05 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0eaa5bbea25ef06214bc21deab41eb7f5bdcdd4c24b0297a28607d30edf65ae1
QuasarRAT
44ea4b14ee643709c87800d407e19e45d9f6a1f3bea15c00de3afcfba2614e8a
QuasarRAT
4c6c1c0d7925af6c2891164d67743204132fcc8ea3cda471c005f446ea1cfda1
QuasarRAT
51ad568171d6a835bc1edd45cfe1fee659085dfc4522ac3d93c1458688d44bd5
QuasarRAT
810bbf258484b94bf2e51c7fba2f8a19f6aaf1137c982d2d6a97e600159c16fa
QuasarRAT
904a518a8c867a1fd79e963fcdd317aa9f5a76eb6964b027cb0566d4a87102d7
QuasarRAT
b71d6728f8709dc2b8b6a57bbd0ea7d27e78a0ea16af5eff61b2d11f983e0129
QuasarRAT
b7f09be3bf95632ac3219b3d402a419e9bc40a54a3fc6ac1c57c183798e525fe
QuasarRAT
d478602bac8b8f334f06644dd92fbe60cbba6815ced96503c7aab4df6f305e77
QuasarRAT
ee1b2c9bdba344c7fe2dc2bec7544a038ad64dbed6add636ecdd426079296c28
QuasarRAT
+ 73 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9cdcc531878d3a23d2da833a058efa100b91d212e4d5780cb21d5d36db0cbd01

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/G0dUQzCA

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments