#quasarRAT
In the second part, we unwrap #QuasarRAT, a popular .NET remote access trojan, and show how to extract its encrypted configuration out of the binary.

buff.ly/agWWCnp
December 15, 2025 at 1:54 PM
Delving into QuasarRAT: Exploring its evolution from a legitimate tool to a cybercriminal's asset, its core functionalities, and the advanced obfuscation techniques that challenge cybersecurity defenses. #QuasarRAT #CyberSecurity #MalwareAnalysis Link: thedailytechfeed.com/quasarrats-e...
December 9, 2025 at 6:11 PM
Sekoia TDR unwraps QuasarRAT, a popular .NET remote access trojan, and demonstrates how to locate and decrypt its embedded configuration. The article walks through a systematic workflow that works on both clean and obfuscated samples. blog.sekoia.io/advent-of-co...
December 9, 2025 at 11:13 AM
QuasarRAT’s Silent Comeback in 2025: The NET Trojan That Never Died

Introduction: A Threat That Refuses to Fade QuasarRAT has been circulating through the cyber underworld for more than a decade, yet its influence has not diminished. Instead, it has evolved into one of the most persistent tools in modern intrusion campaigns. Originally advertised as a legitimate administrative utility, it gradually slipped into the hands of threat actors who recognized its potential for espionage and covert system control.
undercodenews.com
December 9, 2025 at 4:15 AM
QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed
cybersecuritynews.com
December 8, 2025 at 4:14 PM
~Sekoia~
Technical walkthrough on extracting encrypted configurations from both clean and obfuscated samples of the QuasarRAT .NET malware.
-
IOCs: (None identified)
-
#QuasarRAT #RAT #ThreatIntel
Extracting QuasarRAT's Encrypted Configuration
blog.sekoia.io
December 8, 2025 at 12:34 PM
Interesting #OpenDir on #QuasarRat C2 server 185.208.159[.]161:8000 . The open web directory includes source code for a backdoor + misc development artifacts.

https://platform.censys.io/hosts/185.208.159.161
https://search.censys.io/hosts/185.208.159.161

#malware #thread 🧵

October 7, 2025 at 1:00 PM
RevengeHotels uses LLMs and VenomRAT against LATAM hotels: infection chain, TTPs, IOCs and defenses for SOCs and CISOs.

#AI #LLM #malware #phishing #QuasarRAT #RevengeHotels #TA558 #VenomRAT
www.matricedigitale.it/2025/09/17/r...
September 17, 2025 at 8:34 PM
3/3
DarkSamural’s false-flag tactics used Vietnamese branding to obscure Patchwork’s role. The group deployed tools like BADNEWS, QuasarRAT & Mythic to evade defenses. South Asian orgs must harden email filtering & detection.
#Patchwork #ThreatIntel #Malware #Infosec #APT
September 10, 2025 at 11:13 AM
Guess we're back to these...:
http://episode-windsor-subdivision-delivery.trycloudflare\\.com
https://lol-julian-impossible-bermuda.trycloudflare\\.com
https://italia-committees-practical-violence.trycloudflare\\.com

#AsyncRAT #purehvnc #quasarrat

jskeywon […]

[Original post on infosec.exchange]
August 20, 2025 at 5:21 PM
Nikola Knežević created an overview of AsyncRAT forks and how they relate to each other. Great research.

#AsyncRAT #QuasarRAT
www.welivesecurity.com/en/eset-rese...
July 16, 2025 at 5:25 AM
State-sponsored groups (Kimsuky, etc.) use "ClickFix"—fake error messages on malicious websites—to trick victims into downloading malware (QuasarRAT, etc.) via PowerShell. Think tanks, Middle Eastern orgs, and arms makers were targeted. #ClickFixMalwareCampaign
April 20, 2025 at 8:06 PM
"Around the World in 90 Days: State-Sponsored Actors Try ClickFix" published by Proofpoint. #ClickFix, #QuasarRAT, #TA427, #DPRK, #CTI https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix
April 17, 2025 at 1:30 PM
Y'all will start seeing more files signed by Microsoft.
Please report them to centralpki@microsoft[.com or just tag me at a minimum, please.

Microsoft has been good at revoking them

This week I saw
Lumma Infostealer
QuasarRAT
CobaltStrike (C2: uuuqf[.]com)

www.virustotal.com/gui/file/401...
March 14, 2025 at 11:06 AM
Does anyone have any ways of getting QuasarRAT to work?
github.com
January 11, 2025 at 7:09 AM
🚨 Alert: Watch out as this new malicious NPM package installs #QuasarRAT instead of scanning for ETH contract vulnerabilities. ⚠️

Read: hackread.com/npm-package-...

#CyberSecurity #NPM #Malware #Ethereum
NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
hackread.com
January 3, 2025 at 11:16 AM
An npm package that distributes Quasar RAT has been discovered. Find out how to protect ourselves from software supply chain threats.

#cybersecurity #ethereum #malevolo #npm #pacchettonpm #QuasarRAT #supplychain
www.matricedigitale.it/sicurezza-in...
January 2, 2025 at 10:51 AM
LilacSquid APT Employs Open Source Tools, QuasarRAT
The previously unknown threat actor uses tools similar to those used by North Korean APT groups, according to Cisco Talos.
www.darkreading.com
May 31, 2024 at 8:17 PM
I'm excited to share the launch of a new blog I have collaborated on with my team, focusing on a new advanced persistent threat (APT) we’re calling #LilacSquid and some custom malware, including a customized version of #QuasarRAT we’re calling #PurpleInk.

blog.talosintelligence.com/lilacsquid/
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.
blog.talosintelligence.com
May 30, 2024 at 1:27 PM
I've come across some instances today where the TAs forgot to change the C2 configs from localhost when building their #QuasarRAT binaries. It's so funny when they mess up:
November 20, 2024 at 4:55 PM
svchost was the real winner
svchost in PDB:
BALLCONTROL
TREASUREMAP
GhostShell
TAIDOOR
EternalRocks

svchost in OriginalFilename:
Zebrocy
CASPER
GH0ST_RAT
MarkiRAT
GhostEmperor
Skipper

svchost in DLLName:
QUASARRAT
DUSTPAN
TAIDOOR
SIG31
QUICKHEAL
TypeHash
XDll
Carbon
Uroburos
December 1, 2024 at 5:30 AM
QuasarRAT is another open source C2 framework #TheC2Matrix that is Windows only. Will point out before @QW5kcmV3 does that this is used by malicious actors as well. Like most things, they may be used for bad or good. #adversaryemulation #redteam https://github.com/quasar/QuasarRAT
GitHub - quasar/Quasar: Remote Administration Tool for Wi...
Remote Administration Tool for Windows. Contribute to qua...
github.com
December 1, 2024 at 1:46 AM