MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d478602bac8b8f334f06644dd92fbe60cbba6815ced96503c7aab4df6f305e77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d478602bac8b8f334f06644dd92fbe60cbba6815ced96503c7aab4df6f305e77
SHA3-384 hash: 26108b884786ba6dd5dd80c762186487daf0b4c2eb732fbb97ac01eb06dfdc772f23a5a3a7a8f329a8271b837a1837e3
SHA1 hash: b21db08f0b7bcc777a98c03295977fabfcf609ca
MD5 hash: 6d98b69e20740a76d75d474e6d465b38
humanhash: london-fix-louisiana-kentucky
File name:VBLkmyjw.exe
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:356'352 bytes
First seen:2020-03-19 23:14:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 6144:+bNHXf500MpKeqA/GPtZb2xmCMOEYT9+wP6a09+duG:Ad50KdYWt0JEYRCa0sduG
Threatray 84 similar samples on MalwareBazaar
TLSH B7747C2373A4DA3BD6FD173AF43206164BB4D602B616E38B5A5C55F92C133868E943B3
Reporter johannes
Tags:QuasarRAT


Avatar
viql
quasarrat via https://pastebin.com/raw/VBLkmyjw

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6295765-0
Create hunting rule

Win.Malware.Generic-6623004-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Tinclex
Create hunting rule
Status:
Malicious
First seen:
2020-03-20 03:51:56 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2r4gak5mrohtgtygmrg5sl56mdf3u2avz3mwka6hvk2n63zqlz3q._file
Verdict:
malicious
Similar samples:
025432a99764f95f01790ed77271c9f52c44bd6f08763d4ea77b81afbcad6485
QuasarRAT
06749098537b1e1e031e5d568e5e6d3f0bd89ca921953909b42c271b0a3fe5f0
QuasarRAT
0936bab6d42d8ed4f6d2bcc30be32f3864376dd1da6575cabc4d681de87cb387
QuasarRAT
0eaa5bbea25ef06214bc21deab41eb7f5bdcdd4c24b0297a28607d30edf65ae1
QuasarRAT
17a3a230d310ff684cf08306fe34d13c9505ac612942875a19c98b5d000119b0
QuasarRAT
2ea29fa9ad61f55762d2d1d3ce608c3fdfe4007802514042552293ce86af0454
QuasarRAT
60d1ea55d2ecbd3f8289c2d11413ad2378551b8c87126d81483d18101bbd8e4a
QuasarRAT
759650986713eaf7fe5021ead7a0994f33767c14b6a7caf1079379b087df21fe
QuasarRAT
7ce2be23716a01fd869e33ae99de79a9c74da78f19f0fcb930da4de5bce49885
QuasarRAT
fec56ffb3c5a61bffba235044da127eae17d9772dbd3817b8a5ce8cad0e93cb1
QuasarRAT
+ 74 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d478602bac8b8f334f06644dd92fbe60cbba6815ced96503c7aab4df6f305e77

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/VBLkmyjw

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments