MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103
SHA3-384 hash:	55988e1aad7edfecb8f18f4bdea66111f7f9a340e8402a0db718202a3bbd2c43c33d9ac460ab3d9e08affb1db2ebb72a
SHA1 hash:	4d8a9603838ab327e269a61ae6abd51b881bc76b
MD5 hash:	bb9622608fd681fe6f0fc48d25dc52e6
humanhash:	vermont-robin-music-early
File name:	aisurubotnetsucksfr.hta
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	13'416 bytes
First seen:	2026-03-31 12:47:04 UTC
Last seen:	Never
File type:	hta
MIME type:	text/html
ssdeep	384:+vcnjKfi7tdbJGFkzW3/Dy59AzZnX0BP+8MJcfmy1knN3r0arkjiIF58U1N/eyY2:wa
TLSH	T106528A2C19BDFA5993D9E213EA99F7236D461CAFD1B876172AF38C6CA0024C045DB4C7
Magika	html
Reporter	JAMESWT_WT
Tags:	github-com--ashduasdoasdoasd hta QuasarRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Detection(s):

TwinWave.EvilHTA.DridexEsqCigarettesNAlcohol.M2.20211202.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cbc2793a18a6e1ddf0058a

Tags:

virus shell sage

Result

Verdict:

Malicious

File Type:

HTA File - Malicious

Link:

https://app.docguard.net/a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103/results/dashboard

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Labled as:

VBS:Electryon.420

Link:

https://www.hybrid-analysis.com/sample/a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103

Verdict:

Malicious

File Type:

hta

First seen:

2026-03-31T09:57:00Z UTC

Last seen:

2026-04-01T00:47:00Z UTC

Hits:

~10

Detections:

Trojan-Downloader.Win32.Bitser.sb Trojan-Downloader.JS.SLoad.sb Trojan.MSIL.Agent.sb HEUR:Trojan.Win32.Generic HEUR:Trojan.Script.Generic HEUR:Trojan.MSIL.Convagent.gen Backdoor.MSIL.PulsarRAT.sb PDM:Trojan.Win32.Generic Trojan-PSW.MSIL.Agent.sb Trojan.JS.SAgent.sb HEUR:Trojan-Banker.MSIL.ClipBanker.gen PDM:Exploit.Win32.Generic

Link:

https://opentip.kaspersky.com/a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Html

Link:

https://app.malva.re/file/bb9622608fd681fe6f0fc48d25dc52e6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103/

Verdict:

Malicious

Threat:

Family.QUASAR

Link:

https://tip.neiki.dev/file/a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103

Threat name:

Script-WScript.Packed.Electryon

Status:

Malicious

First seen:

2026-03-31 12:42:26 UTC

File Type:

Text (VBS)

AV detection:

7 of 38 (18.42%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=udp5rdlcbhquzfyxcpgo4ldljxi57vpk4qh5rfhehel4ih2fmebq._file

Result

Malware family:

quasar

Score:

10/10

Tags:

family:quasar discovery dropper execution spyware trojan

Link:

https://tria.ge/reports/260331-p1a2tsdw2z/

Behaviour

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Contacts third-party web service commonly abused for C2

Checks computer location settings

Command and Scripting Interpreter: PowerShell

Download via BitsAdmin

Downloads MZ/PE file

Quasar RAT

Quasar family

Quasar payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/a0dfd88d6209e14c971713ccee2c6b4dd1dfd5eae40fd894e43917c41f456103

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample