Quasar RAT – Active IOCs
July 15, 2025
Severity
Medium
Analysis Summary
Quasar is an open-source Remote Access Trojan (RAT) written in C#/.NET whose source code and builder are published on GitHub. It first appeared in 2014 under the name xRAT and was renamed Quasar in 2015. Because anyone can compile it, Quasar is used both by commodity cybercriminals and by state-aligned intrusion groups. Stock builds are well known to anti-virus vendors, so operators routinely recompile, obfuscate or pack the client; this is why freshly built samples frequently slip past signature-based detection, not because the malware itself is unusually stealthy.
Quasar is typically delivered through phishing emails and other social-engineering lures. When the victim opens a malicious attachment or follows a link, a loader or the RAT client itself is installed silently, establishes persistence and connects back to the operator's command-and-control (C2) server.
Once installed, the Quasar client gives the operator full interactive control of the host, including:
- Browsing, uploading, downloading and executing files on the victim's computer
- Recording keystrokes and harvesting credentials saved by browsers and FTP clients
- Viewing and controlling the desktop in real time and taking screenshots
- Running commands through a remote shell, managing processes and startup entries, and editing the registry
- Installing additional malware or tooling to deepen the compromise of the host or the network
- Turning the victim's computer into a SOCKS5 reverse proxy so the operator can pivot into the internal network or route attacks on other targets through it
To protect against Quasar and similar RATs, practise good cyber hygiene: treat unexpected emails, attachments and links with suspicion, keep anti-virus and endpoint protection up to date, and back up important files regularly to storage the endpoint cannot overwrite. Because the client is trivial to rebuild, do not rely on file hashes alone; pair the indicators below with behavioural detection such as unexpected outbound connections from user-land .NET processes and newly created persistence entries.
Impact
- Data Theft
- Exposure to Sensitive Data
Indicators of Compromise
MD5
8f62555a8b971031704360a6da25fcb9
d01ae4dcddefb59233e418e272c9a502
7f4740bcc4719f3c5a756a1012af61bc
21141b0e4f1a9a8dc4d21fa7e51d24d2
11442f597f007c996c7d11ff0c5b25c5
SHA-256
4ffb29bf50ade68db76b3ce13f8a4dfad2c1d72276af19abd6f62f2fd540be89
2842fe7252e319f115e24aa964499913a1d2378089b490280af83996bc482796
88fde9a2c7f061165c94aea3dea033b834b20cafd7c56e7f906f75b77c9447b9
c66c439cecc85c1c339f113fdd01c628bbb5342fc6e8e094c4f67144926b9695
d0d45748b2c23a07885a6e0d225495e6800f9bc005a7dd60261881cae8b91583
SHA-1
9735c2990261f9916fae354f2548a743df337595
b71188a5bc98b21f1a103f8f6a7372255c7408fc
02bc99887bff72e84439c6a11d7cef081d4f9f5c
ea438b87a65db738c419a4712afbcc79b9f2c02e
1cd87246f5cacb33871eb36f9b0e84061c4ebb4e
Remediation
- Block all threat indicators at your respective controls (endpoint protection, email gateway, proxy and firewall).
- Search for the indicators of compromise (IOCs) listed above across your environment using your EDR, SIEM or other security controls, and treat any hit as an active compromise requiring isolation and investigation rather than a simple clean-up.
- Do not open emails and attachments from unknown or suspicious sources.
- Enable anti-virus and anti-malware software, keep signature definitions current, and run a patch management lifecycle so that known vulnerabilities cannot be used to deliver the RAT.
- Use multi-layered protection: combine signature-based detection with behavioural monitoring and network egress filtering, since recompiled Quasar builds will not match the hashes above.
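The following script is an added example, not part of the original advisory, showing one way to carry out the "search for IOCs in your environment" step above using the file hashes listed in the Indicators of Compromise section. It hashes every regular file under a directory once with MD5, SHA-1 and SHA-256 and reports any file whose digest appears on the list. The IOC values are copied from this page; everything else (function names, the command-line usage, the sample input in the test) is an assumption of this example.

```python
"""Sweep a directory tree for files whose hashes match the Quasar RAT IOCs above."""
import hashlib
import os
import sys
from pathlib import Path

# IOC hashes copied from the advisory above, lowercased for comparison.
IOC_HASHES = {
    "md5": {
        "8f62555a8b971031704360a6da25fcb9",
        "d01ae4dcddefb59233e418e272c9a502",
        "7f4740bcc4719f3c5a756a1012af61bc",
        "21141b0e4f1a9a8dc4d21fa7e51d24d2",
        "11442f597f007c996c7d11ff0c5b25c5",
    },
    "sha1": {
        "9735c2990261f9916fae354f2548a743df337595",
        "b71188a5bc98b21f1a103f8f6a7372255c7408fc",
        "02bc99887bff72e84439c6a11d7cef081d4f9f5c",
        "ea438b87a65db738c419a4712afbcc79b9f2c02e",
        "1cd87246f5cacb33871eb36f9b0e84061c4ebb4e",
    },
    "sha256": {
        "4ffb29bf50ade68db76b3ce13f8a4dfad2c1d72276af19abd6f62f2fd540be89",
        "2842fe7252e319f115e24aa964499913a1d2378089b490280af83996bc482796",
        "88fde9a2c7f061165c94aea3dea033b834b20cafd7c56e7f906f75b77c9447b9",
        "c66c439cecc85c1c339f113fdd01c628bbb5342fc6e8e094c4f67144926b9695",
        "d0d45748b2c23a07885a6e0d225495e6800f9bc005a7dd60261881cae8b91583",
    },
}

CHUNK_SIZE = 1 << 20  # 1 MiB reads keep memory flat on large binaries

def hash_bytes(data):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def hash_file(path):
    """Compute all three digests of a file in a single pass over its contents."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def match_iocs(digests, iocs=IOC_HASHES):
    """Return the set of algorithms whose digest is on the IOC list (empty set if clean)."""
    return {name for name, value in digests.items() if value.lower() in iocs.get(name, set())}

def sweep(root, iocs=IOC_HASHES):
    """Walk `root` and return [(path, matched_algorithms)] for every file that hits an IOC."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath) / fn
            # Skip symlinks so a malicious link cannot redirect the sweep outside `root`.
            if p.is_symlink() or not p.is_file():
                continue
            try:
                matched = match_iocs(hash_file(p), iocs)
            except OSError:
                continue  # locked or unreadable files: skip them, do not abort the sweep
            if matched:
                hits.append((str(p), matched))
    return hits

if __name__ == "__main__":
    # Hypothetical usage: python quasar_ioc_sweep.py C:\Users  (or a Linux share path)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algos in sweep(target):
        print(f"IOC HIT {path} ({', '.join(sorted(algos))})")
```

A hit on any one algorithm is enough to flag a file, so a partial IOC list (for example only SHA-256 values from a different feed) can be loaded into the same structure. Run the sweep from an account with read access to user profiles and temp directories, which is where phishing-delivered RAT clients usually land, and remember that a clean sweep only rules out these specific builds, not a recompiled Quasar client.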