The general algorithm of actions is as follows: you need to start the server, specify the necessary settings, build the client application and upload it to the remote machine. After installation on a remote machine, the client works autonomously, trying to connect to the server at specified intervals, either by IP address (IPv4 and IPv6 supported) or by DNS name. The client is identified by the tag that you specify in the settings. In order not to get confused, let’s immediately define that in Quasar terminology a machine is called a server where data is transferred from user computers, and a client is a PC that you are monitoring. NET Framework 4.5.2 or a later version if it is not already installed on your system. Also, to get started, you need to install. bat file from the Quasar distribution kit. Before unpacking the contents, you should disable antiviruses, otherwise they will happily remove the executable and the. The program is delivered in the form of an archive, inside which all the files necessary for its operation are located. And since I had to deal with this program, it would be a sin not to share my impressions of its use with you. On the advice of my colleagues, I chose Quasar RAT as a tool. It just so happened that I suddenly needed a utility for remote control of one of the computers in my LAN. On the other hand, it is quite easy to use, and even an inexperienced user can figure it out. interception of passwords in browsers, FTP-clients and other programs ĭespite the presence of Quasar RAT in free access and a certain popularity (looking at the number of forks and the activity of the community), the software is documented, I would say, modestly.remote execution of shutdown and reboot commands.launching the file manager, task manager and boot manager.remote shell and launch of executable files on command.The program is written in C# and is positioned by its developers as “an easy and convenient tool for remote administration, technical support and employee monitoring.” Quasar RAT has a client-server architecture traditional for Remote Assistance Tool and, despite its compactness, has a rather rich arsenal of features, including: You can download Quasar RAT from the project page on github. What is RAT? This particular tool is written for Windows, but it is freeware and open source, which definitely adds to its advantages over other similar software. One such software called Quasar RAT recently fell into my tenacious paws. Now for those who like to spy on something, the expanse has come thanks to the software, with which you can get access to a variety of information. Someone liked physics, someone biology, someone was most pleased with physical education – because of the opportunity to spy on the change in the women’s change room. Monitoring and working with a remote hostĮach of us had a favorite subject at school.The “Perform” export function is given for DLL execution argument. Once the “Start” export function is executed, Gold Dragon copies itself to a certain path and registers the copied DLL to the autorun registry key. The installer first executes Gold Dragon by giving the “Start” argument. The installed Gold Dragon has 4 export functions. The installer downloads Gold Dragon compressed in the form of a Gzip file from the attacker’s server, decompresses it as “in.tmp” in the %temp% path, then executes it via rundll32.exe. The attacker installed Gold Dragon through the exclusive installer ( installer_.exe). Termination of Daum Cleaner (daumcleaner.exe) process.Feature of terminating AhnLab product’s real-time detection window class (49B46336-BA4D-4905-9824-D282F05F6576).Injection method is same as the method used by the original Gold Dragon (behavior of process hollowing on iexplore.exe, svchost.exe,etc.).The basis for assuming that the obtained file is a variant of Gold Dragon is as follows: On January 26th, 2022, the ASEC analysis team has discovered that the Kimsuky group was using the xRAT (Quasar RAT-based open-source RAT) malware.Īccording to the logs collected by AhnLab’s ASD (AhnLab Smart Defense) infrastructure, the attacker installed a variant of Gold Dragon on the first infected PC on January 24th. Posted on FebruDistribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |