QuasarRAT is an open-source, remote access tool that is publicly available on GitHub. QuasarRAT is developed in the C# language. [1] [2]

ID: S0262
Associated Software: xRAT

Type: TOOL
Platforms: Windows

Version: 1.0

Associated Software Descriptions


Techniques Used

EnterpriseT1116Code SigningA QuasarRAT .dll file is digitally signed by a certificate from AirVPN.[2]
EnterpriseT1059Command-Line InterfaceQuasarRAT can launch a remote shell to execute commands on the victim’s machine.[1]
EnterpriseT1090Connection ProxyQuasarRAT can communicate over a reverse proxy using SOCKS5.[1][2]
EnterpriseT1003Credential DumpingQuasarRAT can obtain passwords from common browsers and FTP clients.[1][2]
EnterpriseT1081Credentials in FilesQuasarRAT can obtain passwords from common browsers and FTP clients.[1][2]
EnterpriseT1056Input CaptureQuasarRAT has a built-in keylogger.[1][2]
EnterpriseT1036MasqueradingQuasarRAT has dropped binaries as files named microsoft_network.exe and crome.exe.[2]
EnterpriseT1112Modify RegistryQuasarRAT has a command to edit the Registry on the victim’s machine.[1]
EnterpriseT1076Remote Desktop ProtocolQuasarRAT has a module for performing remote desktop access.[1][2]
EnterpriseT1105Remote File CopyQuasarRAT can download files to the victim’s machine and execute them.[1][2]
EnterpriseT1053Scheduled TaskQuasarRAT contains a .NET wrapper DLL for creating and managing scheduled tasks for maintaining persistence upon reboot.[2]
EnterpriseT1032Standard Cryptographic ProtocolQuasarRAT uses AES to encrypt network communication.[1][2]
EnterpriseT1082System Information DiscoveryQuasarRAT has a command to gather system information from the victim’s machine.[1]
EnterpriseT1125Video CaptureQuasarRAT can perform webcam viewing.[1][2]


Groups that use this software:

Gorgon Group