MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b71d6728f8709dc2b8b6a57bbd0ea7d27e78a0ea16af5eff61b2d11f983e0129. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuasarRAT


Vendor detections: 4



SHA256 hash: b71d6728f8709dc2b8b6a57bbd0ea7d27e78a0ea16af5eff61b2d11f983e0129
SHA3-384 hash: e855dd173bb3892e75ffb136774c91f8362925a4f9688358c47cdc25e04f6a421f75e40970bbeb8440076999b0959482
SHA1 hash: e1f4501a7a19a77c424c480232354bbad099fd1d
MD5 hash: 0efa8034e4a1cebe550499990a5f835b
humanhash: delta-black-glucose-moon
File name: MLWV5Xwt.exe
Signature: QuasarRAT
File size: 356'352 bytes
First seen: 2020-03-11 09:21:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:0q6bPXhLApfpxkgrBTyEdAb6t72iV7ETxtVRo+:HmhApxrgEd72iV7ETDVm+
Threatray: 83 similar samples on MalwareBazaar
TLSH: 4D748C1373E8DA3BD1FE173AE43249155BB0D487B616E39B5A5861F82C233868D903B3
Reporter: johannes
Tags: QuasarRAT


viql
quasarrat via https://pastebin.com/raw/MLWV5Xwt

Intelligence


File Origin
# of uploads: 1
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Tinclex
Status: Malicious
First seen: 2020-03-18 13:21:05 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
