Quasar RAT

Quasar RAT is an open-source remote access trojan (RAT) family built on the .NET Framework and used in cyber-criminal and cyber-espionage campaigns to target devices running the Windows operating system. It is often delivered via malicious attachments in phishing and spear-phishing emails. Some of its features include:

  • TCP network stream

  • Compressed and encrypted communication

  • UPnP support

  • Task manager

  • File manager

  • Remote desktop

  • Remote webcam

  • Remote shell

  • Download

  • Upload

  • Computer commands

  • Keylogger

  • Reverse proxy

  • Password recovery

  • Registry editor

Technical Details and Reporting

  • GitHub provides technical details on Quasar RAT.

  • US-CERT published an Analysis Report, AR18-352A, on the Quasar RAT.

  • January 2017: Quasar RAT used in recent targeted attacks against governments. (Palo Alto Networks)

  • January 2018: Quasar RAT and custom malware used in Ukraine. (Palo Alto Networks)

  • August 2019: Phishing campaign delivers Quasar RAT payloads via fake resumes. (Bleeping Computer)
