MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9dfc0d127c1129cd943b1c6ea494a01b40b6b29656db9a44f3dc3231db127a0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 9dfc0d127c1129cd943b1c6ea494a01b40b6b29656db9a44f3dc3231db127a0e
SHA3-384 hash: 6eb28e69d3a52f278148967ac130fdbbb8dabd46ce75583241158d7a05c9f8f708e3a4856798fcb4853e58420ccadbc7
SHA1 hash: b707cc4ff438e02022763dac578fb7b3ea723656
MD5 hash: 2651328ea0ca3e87462ffcdcf9a2cfe2
humanhash: winter-green-maine-monkey
File name: 9dfc0d127c1129cd943b1c6ea494a01b40b6b29656db9a44f3dc3231db127a0e
File size: 1'426'944 bytes
First seen: 2020-06-10 07:36:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2e5467cba76f44a088d39f78c5e807b6 (131 x DCRat, 112 x njrat, 80 x RedLineStealer)
ssdeep: 24576:GUccGvp3YYi8HEUXT4rdnrX92dn4V2i4soh1v97DNUzcIhL0/trTF:GUuv1YN8HEsTmdnrXIJ4DM1v9Vc1LcT
Threatray: 16 similar samples on MalwareBazaar
TLSH: BA6533B05F849659C0AA61B1698C031472EAF3D3846C86B4E0FEB55EB741B5ACF036DF
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.QuasarRAT
Status: Malicious
First seen: 2020-06-03 00:55:03 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:quasar spyware trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Looks up external IP address via web service
Quasar RAT
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
