Quasar Rat

Malware updated 3 months ago (2024-11-29T13:35:53.419Z)
Quasar RAT is a type of malware, or malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

Quasar RAT has been observed in use alongside other malware samples like Remcos RAT, with both using the same beacon IP addresses. Additionally, there have been instances where a MoonPeak server was seen connecting with a known Command & Control (C2) server for Quasar RAT, a tool associated with the Kimsuky group, indicating its widespread usage among threat actors.

In some cases, threat actors have modified versions of Quasar RAT for specific attacks. For instance, a version of Quasar RAT was altered to steal financial credentials, repurposing this espionage tool into a banking Trojan aimed at customers of financial institutions in Colombia. This demonstrates the flexibility and adaptability of Quasar RAT, allowing cybercriminals to tailor its functionality to suit their objectives.

Quasar RAT has also been involved in phishing campaigns targeting organizations in the U.S. and India. The MULTI#STORM phishing campaign used a multi-stage attack chain that culminated in the deployment of various Remote Access Trojans (RATs), including Quasar RAT. These attacks highlight the global reach of this malware and its prevalence in sophisticated cyberattacks. In response to these threats, cybersecurity firms have been actively investigating and countering attacks involving Quasar RAT, such as the ones against Ukrainian targets earlier this year.
Description last updated: 2024-11-21T10:47:10.418Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rat
Trojan
Associated Malware
Alias Description | Association Type | Votes
The AsyncRAT Malware is associated with Quasar Rat. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra | Unspecified | 2
Source Document References
Information about the Quasar Rat Malware was read from the documents corpus below. This display is limited to 20 results.