QuasarRAT - Malware Samples
49 samples tracked (rolling 30 days)
Last updated: 2026-04-17
This page lists the most recent QuasarRAT malware samples collected from MalwareBazaar. Each entry includes the SHA256 hash (linked to the MalwareBazaar sample page), original file name, file type, size, and VirusTotal detection rate where available. Samples are updated daily and retained for a rolling 30-day window.
How to Use This Data
Security teams can use these hashes in several ways. Import them into your SIEM or EDR platform to detect known QuasarRAT variants in your environment. Cross-reference file names against your email gateway logs to identify phishing campaigns delivering this family. The file type distribution reveals which delivery formats are currently in use - a shift from .exe to .msi or .js may indicate the operators are adapting to your defenses. Samples with low or missing VirusTotal detection rates are the most dangerous - these are fresh variants that may bypass signature-based protection.
About the Data
All samples are sourced from MalwareBazaar, a free malware sample sharing platform operated by abuse.ch. Detection rates come from VirusTotal. This data is provided for defensive purposes only. For the latest QuasarRAT indicators of compromise including C2 servers and domains, see the IOC page.
| SHA256 | File Name | Type | Size | Detection | First Seen | Country |
|---|---|---|---|---|---|---|
| 7b50a77b13d232c2... | StartMenuExperienceHost.exe | exe | 3.4 MB | 56/70 | 2026-04-17 | - |
| ce59916ff52c012f... | SearchIndexer.exe | exe | 3.2 MB | 56/68 | 2026-04-17 | - |
| e9bf8b0cc4f99ab8... | client.exe | exe | 2.0 MB | 44/72 | 2026-04-16 | - |
| 70eae1c2d854c64b... | LetsVPN2.exe | exe | 36.2 MB | 15/72 | 2026-04-16 | - |
| 6029a278d4c0525b... | usbfallback.exe | exe | 3.1 MB | 61/71 | 2026-04-15 | - |
| 4259fab18ffddd4b... | start_qsr.ps1 | ps1 | 2.2 KB | 3/60 | 2026-04-14 | - |
| ee47323ef7a520b2... | aIg_173_55_2.zip | zip | 1.2 MB | 42/68 | 2026-04-14 | - |
| a44fd6518013d5ea... | aIg_173_55.zip | zip | 1.2 MB | 49/69 | 2026-04-14 | - |
| 59057eb3a372cf2c... | aIg.exe.88 | exe | 3.1 MB | 52/72 | 2026-04-14 | - |
| d6a46b51dae39f54... | aIg.exe | exe | 3.1 MB | 49/67 | 2026-04-14 | - |
| d856336054b054ee... | WindowsLogonService.bat | bat | 1.4 MB | 27/61 | 2026-04-14 | - |
| e647d4b39860c00a... | ScriptInstaller-main.zip | zip | 2.6 MB | 48/68 | 2026-04-14 | - |
| 6195c2773a6b83f5... | file | exe | 13.9 MB | 22/69 | 2026-04-13 | - |
| 65f89942f20de3e5... | XWorm 7.4.exe | exe | 2.4 MB | 41/72 | 2026-04-13 | - |
| a8db212713ae89c6... | a8db212713ae89c65692675a67f7ed7a9309b714d62f2.exe | exe | 7.1 MB | 25/72 | 2026-04-13 | - |
| 3b82b24a851210b9... | LetsVPN.exe | exe | 36.3 MB | 18/69 | 2026-04-12 | - |
| 047e637b1a13399f... | messenger_update.exe | exe | 3.1 MB | 49/63 | 2026-04-12 | - |
| e34fed678302c144... | LetsVPN.exe | exe | 36.2 MB | 19/72 | 2026-04-11 | - |
| abba492096dc11f6... | abba492096dc11f66969609fd9fd12775f41c2117d1e9011d02ddcac11e9bbfc.exe | exe | 2.2 MB | 33/72 | 2026-04-11 | - |
| d2e62ae95bb3b290... | sloppy indian malware script.ps1 | ps1 | 1.5 MB | 7/63 | 2026-04-10 | - |
| 585c1c3e0c92f1de... | file | exe | 4.6 MB | 50/71 | 2026-04-09 | - |
| 525f29f1529cd9df... | encrypted.hta | hta | 13.5 KB | 21/59 | 2026-04-09 | - |
| 8df4cc8b9c69f457... | prick.exe | exe | 899.0 KB | 51/66 | 2026-04-09 | - |
| bec11fac7d2d7ab8... | DetectionRateTesting.hta | hta | 13.6 KB | 21/58 | 2026-04-09 | - |
| 78b94a7b9317cd36... | encrypted.hta | hta | 13.3 KB | 23/62 | 2026-04-09 | - |
| 3b26ce148913d262... | go.bat | bat | 1.6 KB | 9/62 | 2026-04-09 | - |
| ee099bf393e389aa... | 00faadbd39a1aaabf35b789222110d80.exe | exe | 3.0 MB | 54/72 | 2026-04-09 | - |
| 7e076c82e891f6cc... | PulsarModified.exe | exe | 9.2 MB | 51/71 | 2026-04-07 | - |
| 7dd13cc4436b6ab1... | loader.exe | exe | 1.9 MB | 52/71 | 2026-04-07 | - |
| 07f86311a3fb9a91... | noice4.exe | exe | 3.1 MB | 53/66 | 2026-04-06 | - |
| 8fa996aa98960834... | file | exe | 4.7 MB | 49/72 | 2026-04-05 | - |
| aeaea1fb6584e08b... | Pulsar-Client.exe | exe | 890.5 KB | 54/72 | 2026-04-05 | - |
| 26f9bb2c2450b7b1... | Client-built.exe | exe | 3.3 MB | 50/61 | 2026-04-04 | - |
| 9469c0ecb56d9723... | Xeno.exe | exe | 631.5 KB | 49/68 | 2026-04-02 | - |
| 7d9b565d51db3371... | Client-built.exe | exe | 3.1 MB | 46/59 | 2026-04-02 | - |
| 2fe91ae0e4839ae3... | KLvpn_Installer.msi | msi | 28.3 MB | 6/59 | 2026-04-02 | - |
| 18a1f4ed77c4b109... | Client-built.exe.bin | exe | 2.6 MB | 55/70 | 2026-04-02 | - |
| 67f8d4097eb2a529... | Client-built.exe | exe | 348.0 KB | 58/68 | 2026-04-02 | - |
| 178f2fc720bda226... | 178f2fc720bda22645ce68e6e68e4a2ddfedbb59e2c4163171652a27f0db5bca | exe | 1.5 MB | 30/70 | 2026-04-01 | - |
| 2d22c06b34bc0cd6... | Cong_ty_Thuan_An.zip | zip | 1.2 MB | 22/67 | 2026-03-31 | - |
| 2f810da956fed7fa... | 2f810da956fed7faf74c8ce2cf65638ccdaa92b282dc7492592d7aedce280c44.dll | dll | 183.0 KB | 49/71 | 2026-03-31 | - |
| dc807e98a912e76b... | dc807e98a912e76bb17b82f71b21ae50375f3575316ba3751e733f1f35d537b3.bat | bat | 1.2 MB | 12/61 | 2026-03-31 | - |
| 8853de0df86223a9... | 8853de0df86223a9a810815f82167dd9970b934d7c0ef6b53b6d913c9fbc43ec.bat | bat | 1.2 MB | 16/61 | 2026-03-31 | - |
| 0de8543897c9b923... | 0de8543897c9b92326c552911780ac07e2972f50fa452cbc348f7303aea5b09f.bat | bat | 1.2 MB | 17/61 | 2026-03-31 | - |
| 62422d922905d43a... | test.hta | hta | 13.0 KB | 23/61 | 2026-03-31 | - |
| e0c0ff1a67b4aef8... | Pulsar.exe | exe | 954.5 KB | 54/71 | 2026-03-31 | - |
| a0dfd88d6209e14c... | aisurubotnetsucksfr.hta | hta | 13.1 KB | 21/61 | 2026-03-31 | - |
| 32f152ba15f960c5... | A.hta | hta | 13.2 KB | 20/61 | 2026-03-31 | - |
| d93f7cb5d7e03bdc... | d93f7cb5d7e03bdc168bcf05ca7e1fdeb46f6c9d56c1b7508912db0e4ac0f45f.hta | hta | 13.8 KB | 21/59 | 2026-03-31 | - |