Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

Quasar RAT, an open-source remote access trojan, has been spotted using DLL side-loading to fly under the radar and surreptitiously suck data from compromised Windows computers. “This technique capitalizes on the inherent trust these files command within the Windows environment,” Uptycs researchers Tejaswini Sandapolla and Karthickkumar Kathiresan said in a study published last week, describing the malware’s use of ctfmon.exe and calc.exe as part of the assault chain.

Quasar RAT, also known as CinaRAT or Yggdrasil, is a C#-based remote administration tool that can collect system information, a list of running apps, files, keys trokes, screenshots, and execute arbitrary shell commands. Many threat actors use DLL side-loading to execute their own payloads by inserting a faked DLL.

Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

23-Oct-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address