QuasarRAT - Indicators of Compromise

Last updated: 2026-04-18

Malicious URLs (57)


SHA256 Hashes (49)

Data Sources

MalwareBazaar (abuse.ch)
ThreatFox (abuse.ch)
URLhaus (abuse.ch)