MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee1b2c9bdba344c7fe2dc2bec7544a038ad64dbed6add636ecdd426079296c28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


QuasarRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee1b2c9bdba344c7fe2dc2bec7544a038ad64dbed6add636ecdd426079296c28
SHA3-384 hash: 61c1191cdcccc9b194be1f7230f5ff61b727d8364205b9ce8163fc384e6c95f4ece3c4b148b75ebbb3e4b7cddb12edfe
SHA1 hash: 23b4ac7ad0371bdd434a296cdbcc2d46fae723bb
MD5 hash: 508578e4e33982bb16fc6c468acf218f
humanhash: river-lake-don-april
File name:zDX4jxTK.exe
Download: download sample
Signature QuasarRAT
Create hunting rule
File size:356'352 bytes
First seen:2020-03-11 07:31:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:4q6bPXhLApfpKCmojoXakb2Ijs23MYisgNVq:zmhAp8ocK6xPgNVq
Threatray 83 similar samples on MalwareBazaar
TLSH 35747C1377A8D53BD1FE173BE432061517B0D846BB16E38B9A6846BCAC123868D917F3
Reporter johannes
Tags:QuasarRAT


Avatar
viql
quasarrat via https://pastebin.com/raw/zDX4jxTK

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6295765-0
Create hunting rule

Win.Malware.Generic-6623004-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Quasarrat
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 13:21:05 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0eaa5bbea25ef06214bc21deab41eb7f5bdcdd4c24b0297a28607d30edf65ae1
QuasarRAT
44ea4b14ee643709c87800d407e19e45d9f6a1f3bea15c00de3afcfba2614e8a
QuasarRAT
4c6c1c0d7925af6c2891164d67743204132fcc8ea3cda471c005f446ea1cfda1
QuasarRAT
51ad568171d6a835bc1edd45cfe1fee659085dfc4522ac3d93c1458688d44bd5
QuasarRAT
810bbf258484b94bf2e51c7fba2f8a19f6aaf1137c982d2d6a97e600159c16fa
QuasarRAT
904a518a8c867a1fd79e963fcdd317aa9f5a76eb6964b027cb0566d4a87102d7
QuasarRAT
9cdcc531878d3a23d2da833a058efa100b91d212e4d5780cb21d5d36db0cbd01
QuasarRAT
b71d6728f8709dc2b8b6a57bbd0ea7d27e78a0ea16af5eff61b2d11f983e0129
QuasarRAT
b7f09be3bf95632ac3219b3d402a419e9bc40a54a3fc6ac1c57c183798e525fe
QuasarRAT
d478602bac8b8f334f06644dd92fbe60cbba6815ced96503c7aab4df6f305e77
QuasarRAT
+ 73 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee1b2c9bdba344c7fe2dc2bec7544a038ad64dbed6add636ecdd426079296c28

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/zDX4jxTK

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments