keronplanner.blogg.se

Quasar rat

Quasar RAT was first discovered in 2015 by security researchers who, after analyzing a sample, speculated at the time that this RAT was written by an in-house development team. Quasar is an evolution of an older malware called xRAT, and some of its samples can carry out as many as 16 malicious actions. Over the course of its lifetime, the malware has been updated several times, improving its overall functionality. The last version of the malware which was developed by the original author is v. Since that time several third parties have adapted the RAT and issued their own versions, both minor and major, with the last major version being v.

The RAT we are reviewing today consists of two main components: the server-side component and the client-side component. The server is equipped with a graphical user interface and is used for managing connections with the client-side programs. The server-side component is also used to build malware samples, which are eventually delivered to potential victims. The malware user has the option to select attributes and customize the executable to fit the needs of the attacker.

The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.


Quasar is a fast and light-weight remote administration tool coded in C#. Being available to anybody with programming knowledge, Quasar is a powerful open-source RAT equipped with a robust persistence mechanism and a complete feature set of capabilities.


This C# remote administration tool is known for its powerful functions and stability.

#Quasar rat how to

How to counteract an attack?

Along with automated tools, educating employees on new phishing trends is the best way of countering a campaign such as this.

#Quasar rat archive

Then an error message will be displayed, but at the same time, a malicious executable file will be downloaded and launched on the computer in the background”, the experts explain. Quasar is delivered through a 401 MB self-extracting executable file downloaded from a server controlled by cybercriminals. The large archive size complicates the task of malware analysis.

#Quasar rat series

“When the macro runs successfully, a series of images will appear on the screen, supposedly loading the content, but at the same time adding a “garbage” line to the contents of the document.

#Quasar rat code

However, unlike other similar attacks, in this case the macro contains “junk” code encoded in base64, designed to disable the analytical tools installed on the computer.

#Quasar rat password

Cofense experts discovered a new phishing operation in which attackers infect Windows-based computers with Quasar Remote Administration Tool (RAT) using fake resumes. While fake resumes and other types of documents are a fairly common method for delivering malware, one of the features of the new campaign is the use of several methods that complicate the analysis of infection vectors. “Organizations find a higher degree of difficulty with the ‘.doc’ file attachment distributing Quasar RAT itself, because the document employs a multitude of measures to deter detection”, report Cofense specialists.

Quasar is a well-known open source tool developed in C#, which has been repeatedly seen in the operations of various hacker groups, for example, APT33, APT10, Dropping Elephant, Stone Panda or The Gorgon Group. The program’s functionality includes the ability to remotely connect to the desktop, record keystrokes and steal victims’ passwords, download and filter files, manage processes on an infected device, as well as take screenshots and record from web cameras.

As part of a new phishing campaign, attackers, under the guise of a resume, distribute password-protected Microsoft Word documents. After entering the password “123” indicated in the phishing message, the document requests activation of the macro. A password of “123” is not particularly inventive, but to an automated system that processes attachments separately from emails it means that the document will be opened and no malicious activity will be recorded, because the system has not determined either a need for a password or what the password is.










