MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f
SHA3-384 hash:	6a183304dde674391028ea79e32fab48987ee25426111f819bcf54cb68328f908bf392a7de59aa12d2ee8f3892dd5ea4
SHA1 hash:	7fe90575b66b1ffd0a2a2b43edbde5932ea65a79
MD5 hash:	8bfc169a02c9f443d92d8420a49316a5
humanhash:	zulu-carpet-harry-kansas
File name:	d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f.hta
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	14'090 bytes
First seen:	2026-03-31 12:11:23 UTC
Last seen:	2026-03-31 12:48:22 UTC
File type:	hta
MIME type:	text/html
ssdeep	384:CVyn2ZF5Rf2uFumGFkUzFlP57ALTQGJrNO6JTQoYQgd9NcjrG13egTnFSWsu9d3D:CVwIw
TLSH	T19452782C09BDFA5993D9E307E699F7236D461CAFD2B975172AF38C68A0024C045EB4C7
Magika	html
Reporter	JAMESWT_WT
Tags:	checkmarx-zone fflexus-45433-portmap-host github-com--ashduasdoasdoasd hta QuasarRAT teampcp

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Detection(s):

TwinWave.EvilHTA.DridexEsqCigarettesNAlcohol.M2.20211202.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69ca86d53a18a6e1ddefc5e0

Tags:

obfuscate xtreme sage

Result

Verdict:

Malicious

File Type:

HTA File - Malicious

Link:

https://app.docguard.net/d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f/results/dashboard

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 powershell

Link:

https://www.filescan.io/uploads/69cbba20972c219c8d735ad7/reports/e1a0ab6a-915f-4ff4-8b25-5a435fdb5921/overview

Verdict:

Malicious

Labled as:

VBS:Electryon.420

Link:

https://www.hybrid-analysis.com/sample/d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f

Verdict:

Malicious

File Type:

hta

First seen:

2026-03-30T11:27:00Z UTC

Last seen:

2026-03-31T08:00:00Z UTC

Hits:

~10

Detections:

Trojan-Downloader.Win32.Bitser.sb HEUR:Trojan.Script.Generic HEUR:Trojan.MSIL.Convagent.gen Backdoor.Win64.AdaptixC2.sb Backdoor.MSIL.PulsarRAT.sb Trojan.Win32.Inject.sb Trojan.MSIL.Agent.sb HEUR:Trojan-Banker.MSIL.ClipBanker.gen Trojan-Downloader.JS.SLoad.sb Trojan.JS.SAgent.sb HEUR:Trojan.Win32.Agentb.gen Trojan-PSW.MSIL.Agent.sb PDM:Exploit.Win32.Generic PDM:Trojan.Win32.Generic HEUR:Trojan.Win32.Generic VHO:Trojan-Downloader.MSIL.ShortLoader.gen

Link:

https://opentip.kaspersky.com/d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f/

Verdict:

Malicious

Threat:

Family.QUASAR

Link:

https://tip.neiki.dev/file/d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f

Threat name:

Script-WScript.Trojan.Electryon

Status:

Malicious

First seen:

2026-03-30 14:21:12 UTC

File Type:

Text (VBS)

AV detection:

10 of 36 (27.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3e7xznox4a55yfulz4c4u7q7322g63e5k3a3ouejclnq4swa6rpq._file

Result

Malware family:

quasar

Score:

10/10

Tags:

family:quasar discovery dropper execution persistence spyware trojan

Link:

https://tria.ge/reports/260331-pdcl5scy9v/

Behaviour

Scheduled Task/Job: Scheduled Task

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Contacts third-party web service commonly abused for C2

Checks computer location settings

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

Download via BitsAdmin

Downloads MZ/PE file

Quasar RAT

Quasar family

Quasar payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample