Quasar is a remote access trojan (RAT) that allows attackers to control infected machines remotely. Written in .NET, it is an open-source project targeting Microsoft Windows operating systems, which has made it a popular tool in many attacks.
Quasar RAT has many capabilities that make it a versatile tool for attackers: keylogging, password stealing, screenshot capture, reverse proxy, and file download and upload. Because it is open source, operators can customize it to fit a particular target or campaign.
Distribution Methods
Quasar is distributed through malicious spam emails (malspam) carrying infected attachments or links. Attackers also exploit publicly disclosed vulnerabilities to deploy Quasar as a secondary payload after an initial compromise. Its open-source nature has made it popular with many threat actors, from novice hackers to APT groups.
Evasion Techniques
Quasar RAT can be packed or obfuscated to evade detection. Some attackers use DLL sideloading to run Quasar, which makes detection harder. It can operate stealthily on the infected system to maintain persistence and prolonged unauthorized access.
Variants
Because it is open source, Quasar RAT has many variants and derivatives. CinaRAT and Yggdrasil are two examples of modified Quasar builds with additional features or changes intended to evade detection. These variants keep the core of Quasar and add custom modifications to fit the threat actor's requirements.
Mitigation
Limit the use of remote administration tools and log all remote access sessions.
Monitor outbound traffic for unusual connections to known malicious IPs.
Configure EDR to detect remote access tools and unusual system activity.
Block malspam campaigns that distribute Quasar RAT.
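As an added example (not part of the original page and not Quasar's own code), the Python below applies the outbound-traffic check above to a constructed connection log: it flags destinations on a blocklist and hosts that contact the same destination at near-constant intervals, the polling pattern a RAT implant typically shows toward its C2 server. The log format, host names and IP addresses are assumptions, not real indicators.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed blocklist; placeholder address, not a real Quasar indicator.
KNOWN_MALICIOUS_IPS = {"203.0.113.7"}

# Constructed outbound-connection log, one line per connection:
# "<timestamp> <source host> -> <destination ip>:<port>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-17 -> 198.51.100.5:8443
2024-05-01T10:00:30 ws-17 -> 198.51.100.5:8443
2024-05-01T10:01:00 ws-17 -> 198.51.100.5:8443
2024-05-01T10:01:30 ws-17 -> 198.51.100.5:8443
2024-05-01T10:00:12 ws-22 -> 203.0.113.7:443
2024-05-01T10:00:05 ws-31 -> 192.0.2.10:443
2024-05-01T10:07:41 ws-31 -> 192.0.2.10:443
2024-05-01T10:09:02 ws-31 -> 192.0.2.10:443
2024-05-01T10:15:30 ws-31 -> 192.0.2.10:443
"""

def parse_log(log):
    """Yield (timestamp, host, destination) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, host, _arrow, dst = line.split()
        yield datetime.fromisoformat(ts), host, dst

def find_suspicious(log, min_connections=4, max_jitter=0.1):
    """Return {(host, destination): reason}. Flags blocklisted IPs and
    host/destination pairs whose inter-connection gaps have a coefficient
    of variation <= max_jitter (near-constant beacon interval)."""
    findings = {}
    timestamps = defaultdict(list)
    for ts, host, dst in parse_log(log):
        ip = dst.rsplit(":", 1)[0]
        if ip in KNOWN_MALICIOUS_IPS:
            findings[(host, dst)] = "known malicious IP"
        timestamps[(host, dst)].append(ts)
    for pair, times in timestamps.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.setdefault(pair, f"regular beacon every ~{avg:.0f}s")
    return findings
```

Human-driven browsing (ws-31 in the sample) produces irregular gaps and is not flagged; tune `min_connections` and `max_jitter` against baseline traffic before alerting on them.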
Targets
Quasar is used in attacks against government, energy and education organizations. Its remote access capabilities make it suitable for espionage and data exfiltration, especially in industries where data is valuable. For example, APT10, also known as Stone Panda, used Quasar in its campaign against government entities.
Threat Actors
Quasar RAT is used by multiple threat actors, including APT groups. APT10 (Stone Panda) used Quasar in its cyber espionage campaign. Its open-source nature has also made it accessible to many cybercriminals, from novice hackers to organized groups.