Quasar Rat

Malware updated a year ago (2024-11-29T13:35:53.419Z)

Download STIX

Preview STIX

Quasar RAT is a type of malware, or malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Quasar RAT has been observed in use alongside other malware samples like Remcos RAT, with both using the same beacon IP addresses. Additionally, there have been instances where a MoonPeak server was seen connecting with a known Command & Control (C2) server for Quasar RAT, a tool associated with the Kimsuky group, indicating its widespread usage among threat actors. In some cases, threat actors have modified versions of Quasar RAT for specific attacks. For instance, a version of Quasar RAT was altered to steal financial credentials, repurposing this espionage tool into a banking Trojan aimed at customers of financial institutions in Colombia. This demonstrates the flexibility and adaptability of Quasar RAT, allowing cybercriminals to tailor its functionality to suit their objectives. Quasar RAT has also been involved in phishing campaigns targeting organizations in the U.S. and India. The MULTI#STORM phishing campaign used a multi-stage attack chain that culminated in the deployment of various Remote Access Trojans (RATs), including Quasar RAT. These attacks highlight the global reach of this malware and its prevalence in sophisticated cyberattacks. In response to these threats, cybersecurity firms have been actively investigating and countering attacks involving Quasar RAT, such as the ones against Ukrainian targets earlier this year.

Description last updated: 2024-11-21T10:47:10.418Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Rat

Trojan

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The AsyncRAT Malware is associated with Quasar Rat. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra	Unspecified	3
The Venomrat Malware is associated with Quasar Rat. VenomRAT is a sophisticated piece of malware that was discovered by security researchers, designed to exploit and damage computer systems. The malicious software infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Kimsuky Threat Actor is associated with Quasar Rat. Kimsuky is a threat actor group linked to North Korea, known for its malicious cyber activities with a particular focus on espionage. The group has been observed employing a variety of sophisticated tactics and techniques, including the use of malware such as TOGREASE, GREASE, and RandomQuery, which	Unspecified	2

Source Document References

Information about the Quasar Rat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	7 days ago	North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors
ESET	4 months ago	Unmasking AsyncRAT: Navigating the labyrinth of forks
InfoSecurity-magazine	6 months ago	Fake Bitdefender Site Spreads Trio of Malware Tools
Securityaffairs	6 months ago	Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Recorded Future	9 months ago	2024 Malicious Infrastructure Insights: Key Trends and Threats
Unit42	a year ago	Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation
DARKReading	a year ago	Constantly Evolving MoonPeak RAT Linked to North Korean Spying
Securelist	a year ago	An overview of the BlindEagle APT’s activity in Latin America
CERT-EU	2 years ago	Microsoft Teams bug allow hackers to sidestep security, plant malware
Unit42	a year ago	Accelerating Analysis When It Matters