MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

QuasarRAT

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4
SHA3-384 hash:	c4122fdaeac2d24cfff789760ca16b73ce9c441d033a13e0b7d8feebc21fdc9c2e39e8afea1b6a89fe6f27705611b0e6
SHA1 hash:	d33da20381f9b1476aea6e0f4db50a086c3abe7a
MD5 hash:	84a9c13002099d6b3fe82db4b4637825
humanhash:	whiskey-georgia-thirteen-yellow
File name:	EUm8wXy9.exe
Download:	download sample
Signature	QuasarRAT Create hunting rule
File size:	613'888 bytes
First seen:	2020-03-17 11:30:48 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'450 x Formbook, 12'201 x SnakeKeylogger)
ssdeep	12288:MobDq4R7MKCLqAB5jNBfyp8Sn0DDfwAp+V7:h7MKCLqAvLypX0/LQ
Threatray	511 similar samples on MalwareBazaar
TLSH	55D4E6027F15CE12F0491237D19F05084BB5D9816AE6E32B7DB9336D58263AB7D0ECEA
Reporter	johannes
Tags:	QuasarRAT

viql

quasarrat via https://pastebin.com/raw/EUm8wXy9

Intelligence

File Origin

# of uploads :

# of downloads :

108

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Generic-6623004-0

Win.Trojan.Generic-6898101-0

Win.Trojan.Generic-6898102-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Quasarrat

Status:

Malicious

First seen:

2020-03-18 12:58:04 UTC

AV detection:

28 of 31 (90.32%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6c2dwbkhtwg54nqd55mh3ibjew3qhv6vxsbtezlkxhfh67qvkssa._file

Verdict:

malicious

Label(s):

agenttesla

QuasarRAT

23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374

QuasarRAT

3277c38c152ed39a94dbc50b60675ba3438631243837bf30ce65c996ceab524d

QuasarRAT

5d7470dd39f59feeb354918508f99d909e2e05a9bd41e4a180848f999cd00fb3

QuasarRAT

723080f3083b8428248cead3d4c3ad20883395e1d574f853bca15065d2217fad

QuasarRAT

7601104485381f818f5b171b8be6630c0f6b4792e14695e6146c876ff852cb3c

QuasarRAT

cb8cf6b203f27f3b42020653f940d2be826893d079035eac52d4d64e1102aa29

QuasarRAT

d0030a8a47fd678d6f9f2313fdeed1898fb667bcda9167215a90d64b7744d665

QuasarRAT

ef0116d9f61a26ad233dc3edc1990eb6c83b0398a593c65ef19f106008892eee

QuasarRAT

f2e2cb71a06ac2a95a02168fc3d91f160e6e07ca19c5e6d3d708a9a486dd3f92

QuasarRAT

+ 501 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/EUm8wXy9

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample