Backdoor:Win32/QuasarRAT information

Backdoor:Win32/QuasarRAT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/QuasarRAT virus do?

  • Sample contains Overlay data
  • Authenticode signature is invalid
  • CAPE detected the QuasarRAT malware family
  • Binary file triggered YARA rule

How to identify Backdoor:Win32/QuasarRAT?

File Info:

name: 73E1B9A71BCD6BAE207E.mlw
path: /opt/CAPEv2/storage/binaries/341c4d5dec45705184b6ca1584799c0913d41fcbb867135b897880db25abbdf5
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2023-10-30 23:02:27

Version Info:

Comments:
CompanyName: portswigger
FileDescription: RunTbux
FileVersion: 21.1.1.4
InternalName: RunTbux
LegalCopyright: portswigger
LegalTrademarks: portswigger
OriginalFilename: RunTbux
ProductName: RunTbux
ProductVersion: 21.1.4.4
Assembly Version: 21.1.4.4
Translation: 0x0000 0x04b0

Backdoor:Win32/QuasarRAT is also known as (vendor: detection name):

  • Bkav: W32.Common.99E9F0A9
  • AVG: MSIL:Rat-B [Trj]
  • Elastic: Windows.Trojan.Quasarrat
  • MicroWorld-eScan: Generic.MSIL.PasswordStealerA.788B6D77
  • FireEye: Generic.mg.73e1b9a71bcd6bae
  • Skyhigh: GenericRXAG-WH!73E1B9A71BCD
  • McAfee: GenericRXAG-WH!73E1B9A71BCD
  • Malwarebytes: Generic.Malware.AI.DDS
  • Zillya: Trojan.Agent.Win32.3780676
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan ( 00521dab1 )
  • Alibaba: Backdoor:MSIL/QuasarRAT.a88cd026
  • K7GW: Trojan ( 00521dab1 )
  • BitDefenderTheta: Gen:NN.ZemsilF.36802.@p3@aiYlsBe
  • VirIT: Trojan.Win32.Dnldr22.BHJG
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/Spy.Agent.AES
  • APEX: Malicious
  • Avast: MSIL:Rat-B [Trj]
  • ClamAV: Win.Packed.Generic-9829635-0
  • Kaspersky: Trojan.MSIL.Agent.foww
  • BitDefender: Generic.MSIL.PasswordStealerA.788B6D77
  • NANO-Antivirus: Trojan.Win32.Ric.kexhwu
  • Tencent: Trojan.Msil.Agent.zc
  • Emsisoft: Generic.MSIL.PasswordStealerA.788B6D77 (B)
  • F-Secure: Trojan.TR/Dropper.Gen
  • DrWeb: Trojan.DownLoader27.59888
  • VIPRE: Generic.MSIL.PasswordStealerA.788B6D77
  • TrendMicro: Backdoor.Win32.QUASARRAT.YXEANZ
  • Sophos: Mal/Quasar-D
  • GData: MSIL.Backdoor.Quasar.D
  • Jiangmin: Trojan.Generic.ajfvk
  • Varist: W32/MSIL_Agent.DPM.gen!Eldorado
  • Avira: TR/Dropper.Gen
  • MAX: malware (ai score=84)
  • Antiy-AVL: Trojan/MSIL.Agent
  • Kingsoft: MSIL.Trojan.Agent.foww
  • Arcabit: Generic.MSIL.PasswordStealerA.788B6D77
  • ZoneAlarm: Trojan.MSIL.Agent.foww
  • Microsoft: Backdoor:Win32/QuasarRAT
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.RL_Subti.C4338875
  • VBA32: Trojan.MSIL.Quasar.Heur
  • ALYac: Generic.MSIL.PasswordStealerA.788B6D77
  • Cylance: unsafe
  • Panda: Trj/CI.A
  • TrendMicro-HouseCall: Backdoor.Win32.QUASARRAT.YXEANZ
  • Rising: Backdoor.xRAT!1.D01D (CLASSIC)
  • Ikarus: Backdoor.QuasarRat
  • MaxSecure: Trojan.Malware.216104597.susgen
  • Fortinet: MSIL/Emotet.5C62!tr
  • DeepInstinct: MALICIOUS
  • alibabacloud: Backdoor:MSIL/Quasar.server

How to remove Backdoor:Win32/QuasarRAT?

Backdoor:Win32/QuasarRAT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.