MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 11

Intelligence 11 IOCs YARA 4 File information Comments

SHA256 hash:	ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b
SHA3-384 hash:	25c2961533bff53f1b93b7ba7e292d05dcdc71673262c433d67316aa72d90c2b7895caaf51d9db134385bcb16e71e7bb
SHA1 hash:	d15c1f791dd67d791d99e322e41c6c08ec1dae4a
MD5 hash:	10a333cb56b506bbe24a2789c7777b98
humanhash:	ceiling-lactose-alabama-zebra
File name:	syn.bat
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	9'376'662 bytes
First seen:	2025-10-23 21:28:03 UTC
Last seen:	Never
File type:	bat
MIME type:	text/plain
ssdeep	49152:wltJ14cht2JXP46/Y8cuvzgdDr5CRBN+hEvLW7cImQv3vc/nsvLYcqOliWoxbcR+:d
Threatray	1'376 similar samples on MalwareBazaar
TLSH	T1CC9633215F7E4FBE8B7C319C106F2F4F26688D80880469F6B7D2F86E66CED15195702A
Magika	txt
Reporter	01Xyris
Tags:	bat exe QuasarRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

quasar

ID:

File name:

syn.bat

Verdict:

Malicious activity

Analysis date:

2025-10-23 21:29:10 UTC

Tags:

susp-powershell quasar

Link:

https://app.any.run/tasks/700a1d60-4a9d-4033-b97d-4e0498431dc9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/33968/

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68fa9e296c859164aa63b8ec

Tags:

metasploit vmdetect

Result

Verdict:

Clean

Maliciousness:

Behaviour

Launching a process

Creating a window

Сreating synchronization primitives

Connection attempt

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 evasive obfuscated packed powershell reconnaissance

Link:

https://www.filescan.io/uploads/68fa9ea03a79800405f3c76a/reports/1e029725-ad2a-47ff-952f-0471c035ff8b/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b

Verdict:

Clean

File Type:

text

Link:

https://opentip.kaspersky.com/ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b/results?tab=lookup

Score:

97%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b

Threat name:

Text.Trojan.Generic

Status:

Suspicious

First seen:

2025-10-23 21:33:38 UTC

File Type:

Text

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5kgx6asntvviiet74kdt2vllp6lvew4ycutqmm5ybb5szhrehcnq._file

Verdict:

malicious

Label(s):

quasarrat

QuasarRAT

49c0cc5f278c0e3c372a9ef3029697cd36da5cf25ff2f817bbf4256dd3f1f4df

QuasarRAT

5e532dc348cea226907ee286cc623670b87c8f642262ea771b226b7b684fc7d9

QuasarRAT

b98bd65a0927c3dfc381b13df96e666fa2bb5bead3284864bc904b3ad657a6dc

QuasarRAT

c1b011778271c50b58e7d1cc972434f98671118a3dd381dc4fd5f52b5f2c42a2

QuasarRAT

error

QuasarRAT

+ 1'366 additional samples on MalwareBazaar

Result

Malware family:

quasar

Score:

10/10

Tags:

family:quasar botnet:office04 execution spyware trojan

Link:

https://tria.ge/reports/251023-1cqyxstrgz/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Quasar RAT

Quasar family

Quasar payload

Malware Config

C2 Extraction:

127.0.0.1:4782

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

iSpy Keylogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ea8d7f024d9d6a84127fe2873d556b7f97525b9815270633b8087b2c9e24389b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

Rule name:	Warp Create hunting rule
Author:	Seth Hardy
Description:	Warp

Rule name:	WarpStrings Create hunting rule
Author:	Seth Hardy
Description:	Warp Identifying Strings

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/33968/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample