MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9cc1e3e650b0782f8aa818b7704274cfbc66a966c1515b30d40bf090c761223. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d9cc1e3e650b0782f8aa818b7704274cfbc66a966c1515b30d40bf090c761223
SHA3-384 hash: 90572a331b823793ddb9271f6176886ce1d78e84b7e83f4a7f0c1f5a2314cc6e0ffe01843f70a0a6f7c35f1e6b8263cb
SHA1 hash: d6d69f9e55013428dd57f4448f80abc87274c1e8
MD5 hash: 1c2a1d0593e6c1c1d0b8d86bbb1c380c
humanhash: thirteen-equal-california-pizza
File name:SecuriteInfo.com.AutoIT_Compiled.19904.11812
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:1'220'608 bytes
First seen:2021-07-09 10:35:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fc7a1e26cc7fb001a117e16565a090cb (1 x QuasarRAT)
ssdeep 24576:AjVCYPDt6276zoHa7hV3qYBDhKhhRL6/h65yuqNvi/1rV4ZFX9qN:AjVCYrt62mzoHohV3qYBDhKhhJKhZFNh
Threatray 15 similar samples on MalwareBazaar
TLSH T1A3458D0733A2C0E8DE6790B6CA259233D7727C1507289BDB64E07D2EEF93A915B36711
Reporter SecuriteInfoCom
Tags:exe QuasarRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.AutoIT_Compiled.19904.11812
Verdict:
No threats detected
Analysis date:
2021-07-09 10:41:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/560a2c66-0e15-4beb-8104-96d5735774c7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170644/
Detection(s):
SecuriteInfo.com.AutoIT_Compiled.19904.11812.UNOFFICIAL
Create hunting rule

ditekSHen.MALWARE.Win.Trojan.RedLineDropper-AHK.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
AHK RAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d746098e-cfcb-4126-9809-d79ba6c31e5e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/813942
Signature
Contains functionality to detect sleep reduction / modifications
Sample or dropped binary is a compiled AutoHotkey binary
Uses Windows timers to delay execution
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d9cc1e3e650b0782f8aa818b7704274cfbc66a966c1515b30d40bf090c761223/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-09 08:12:18 UTC
AV detection:
4 of 29 (13.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3hgb4ptfbmdyf6fkqgfxobbhjt54m2uwnqkrlmynic7qsddwcirq._file
Verdict:
unknown
Similar samples:
0a9964fe0e0fb3f0679df317a65f9945c474dab8c4370b45b93da64a8b201b9f
QuasarRAT
0aa0c65b1c37512536706d22a19af44e4ba91f8406bee0b1cdf691a050e8e7f0
QuasarRAT
0f12408c06ccf60608a60572d521bbc8012e6ce7e0d701781a0a33e0e1fd1519
QuasarRAT
3deec916d94fabdc65168ebd8b5f072a702781064d13b10700d9a52998a669a3
QuasarRAT
5717e18c6e9c6970f2ccefd15363918464d0662eb016c5b89fb9169339aa338c
QuasarRAT
5ea670d23777834e3558c073f19e5abcb1d21f63b088af73216006accf7280a5
QuasarRAT
bfd12725c557e1a9992dccff4257290adec43be6315f68471af0d26c9fa662ad
QuasarRAT
c3a382298e7b40c769094035a49abe71314c89509848cd9485467c2179193a0f
QuasarRAT
f923c5ce0a44f73f86dbb04d02905e0e0068d675f6095680b41d904380800e17
QuasarRAT
fc1b36e39f87cff2c9076a7e8316af297255a92824338b19b69022b47a47daa6
QuasarRAT
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210709-4rrl1xwl5n/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Unpacked files
SH256 hash:
d9cc1e3e650b0782f8aa818b7704274cfbc66a966c1515b30d40bf090c761223
MD5 hash:
1c2a1d0593e6c1c1d0b8d86bbb1c380c
SHA1 hash:
d6d69f9e55013428dd57f4448f80abc87274c1e8
Link:
https://www.unpac.me/results/8df1a49b-c855-4316-8482-934c43345bce/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d9cc1e3e650b0782f8aa818b7704274cfbc66a966c1515b30d40bf090c761223

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:dsc
Create hunting rule
Author:Aaron DeVera
Description:Discord domains

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

QuasarRAT

Executable exe d9cc1e3e650b0782f8aa818b7704274cfbc66a966c1515b30d40bf090c761223

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1438142/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/170644/

Comments