In the second part, we unwrap #QuasarRAT, a popular .NET remote access trojan, and show how to extract its encrypted configuration out of the binary.

https://buff.ly/agWWCnp

Interesting #OpenDir on #QuasarRat C2 server 185.208.159[.]161:8000. The open web directory includes source code for a backdoor + misc development artifacts.

https://platform.censys.io/hosts/185.208.159.161
https://search.censys.io/hosts/185.208.159.161

#malware #thread 🧵

Guess we're back to these...:
http://episode-windsor-subdivision-delivery.trycloudflare\.com
https://lol-julian-impossible-bermuda.trycloudflare\.com
https://italia-committees-practical-violence.trycloudflare\.com

#asyncrat #purehvnc #quasarrat

jskeywon.duckdns\.org
jbsak.duckdns\.org
jul5050quasae.duckdns\.org
ksj43ts.duckdns\.org

Nikola Knežević created an overview of AsyncRAT forks and how they relate to each other. Great research.

#AsyncRAT #QuasarRAT
https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/

"Around the World in 90 Days: State-Sponsored Actors Try ClickFix" published by Proofpoint. #ClickFix, #QuasarRAT, #TA427, #DPRK, #CTI https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix

🚨 Alert: Watch out as this new malicious NPM package installs #QuasarRAT instead of scanning for ETH contract vulnerabilities. ⚠️

Read: https://hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/

#CyberSecurity #NPM #Malware #Ethereum


Quasar RAT continues to be a top player in malware attacks, often slipping under the radar. In our latest blog, we explore how Corelight’s Open NDR detects Quasar RAT by analyzing its default TLS configuration, giving you full visibility into C2 traffic.

We've also open-sourced a five-line Zeek script that enhances detection and helps you stop Quasar RAT in its tracks.

💡 Don’t miss this powerful, simple tool to bolster your defenses.
🔗 Get the full details and the script here: https://lnkd.in/eJNDm3V6

#Cybersecurity #Malware #QuasarRAT #Zeek #NDR #NetworkSecurity

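The Corelight script itself sits behind the link above and is not reproduced on this page. As an added illustration (not Corelight's code and not from the original post), the following Zeek script shows the general shape of such a detection: raise a notice whenever a TLS server presents a certificate whose subject matches the subject a RAT's server component stamps into its default self-signed certificate. The subject pattern `CN=Quasar Server CA` and the notice name are assumptions made here for illustration; check them against the certificates in your own samples before deploying.

```zeek
# Added example: flag TLS servers presenting a RAT's default self-signed certificate.
# Not Corelight's script; the subject pattern below is an assumption for illustration.
@load base/protocols/ssl
@load base/frameworks/notice

module QuasarTLS;

export {
    redef enum Notice::Type += {
        # Raised when a server certificate subject matches the configured pattern.
        Suspicious_Default_Certificate
    };

    # Subject string to hunt for. Assumed default for this example; override with
    # redef QuasarTLS::suspect_subject = /.../ once confirmed against real samples.
    const suspect_subject = /CN=Quasar Server CA/ &redef;
}

event ssl_established(c: connection)
    {
    # Only inspect connections where the server sent a certificate chain.
    if ( ! c?$ssl || ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
        return;

    # The leaf (server) certificate is the first element of the chain.
    local leaf = c$ssl$cert_chain[0];
    if ( ! leaf?$x509 )
        return;

    local subject = leaf$x509$certificate$subject;

    if ( suspect_subject in subject )
        NOTICE([$note=Suspicious_Default_Certificate,
                $conn=c,
                $msg=fmt("TLS server certificate subject matches RAT default: %s", subject),
                $sub=fmt("%s:%s", c$id$resp_h, c$id$resp_p),
                # Suppress repeats per server endpoint rather than per connection.
                $identifier=cat(c$id$resp_h, c$id$resp_p)]);
    }
```

Run it against a capture with `zeek -r capture.pcap quasar_tls.zeek` and read notice.log. Treat a subject match as a hunting lead rather than proof: the operator can regenerate the certificate, so a miss does not clear a host, and the pattern should be tuned to whatever the samples you actually see present.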

🚨 Malware Campaigns | Italy | Week 50 🚨

📲 #Irata: Bank APK
📧 #XWorm: Freccia Rossa invoice
💰 #QuasarRAT: Bank transfer
📦 #Formbook: DHL shipment
📂 #Lumma: Copyright
⚖️ #Rhadamanthys: Copyright
🖥️ #VipKeyLogger: Prices

🔍 Beware of these threats! #CyberSecurity #MWItaly

A new collection of 2 indicators is available for Quasar RAT https://vuldb.com/?actor.quasar_rat #quasarrat #apt #cti #ioc

#Malware Campaigns #Italy Week 34

🔥☠️💣👻
#VIPKeylogger: Invoice
#RemcosRAT: Delivery
#Formbook: Quote
#Irata: Bank #APK
#Adwind: Invoice
#SnakeKeylogger: Payment
#AgentTesla: Bank
#QuasarRAT: Central Police Hearing
#Vidar: Payment via PEC
#Unknown: Telecom

#mwitaly