MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd4e683e787dafe7c6bb47d515b2e13bbc649651aff82ceca9e0d9572f87a231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	cd4e683e787dafe7c6bb47d515b2e13bbc649651aff82ceca9e0d9572f87a231
SHA3-384 hash:	d32f8ffe8d53d838aeceb156f7aaeb878438f18b05be71229d230472893fdc6951e9866b216ac013bd8b38729197186b
SHA1 hash:	199030e41a48991d5b3c7db1ac1dd1c56f4657a8
MD5 hash:	46b1fa9aa8097d23afc613288613e5f6
humanhash:	neptune-montana-mexico-yankee
File name:	Payment-Swift059_PDF.zip
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	1'022'029 bytes
First seen:	2020-10-26 13:03:35 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:d/N2BSbu3dv39qspzkekJBdqWdr7rg65yo2n76l:d/Ncz3d4F/JBdqWdr7rB+nG
TLSH	F92533C8D34413A11A66142D2FFB5E260BC1D03D1D3D9AB1E3938C9BB1C5CD798EE9A2
Reporter	abuse_ch
Tags:	QuasarRAT RAT zip

abuse_ch

Malspam distributing QuasarRAT:

HELO: tonyhai
Sending IP: 103.225.25.6
From: Finance Team <krajcik@materian.ml>
Subject: RE: HCCI OUTSTANDING PAYMENT $59,459 USD
Attachment: Payment-Swift059_PDF.zip (contains "Payment-Swift059_PDF.exe")

QuasarRAT C2:
23.105.131.221:9000