100 Days of YARA – Day 13: Quasar RAT

On By DanielIn 100 days of Yara

While browsing Malware Bazaar, I saw some recent uploads of Quasar RAT samples. I encounter this RAT at work sometimes. https://bazaar.abuse.ch/browse/tag/QuasarRAT/

The Quasar project has been active for a while on GitHub: https://github.com/quasar/Quasar

Here are some links that I have bookmarked and tagged as quasarrat which may be interesting: https://pinboard.in/u:droberson/t:quasarrat/

rule quasar_rat
{
	meta:
		description = "Quasar RAT"
		reference = "https://github.com/quasar/Quasar"

	strings:
		$ = "GetKeyloggerLogsResponse"
		$ = "GetKeyloggerLogsDirectoryResponse"

	condition:
		uint16(0) == 0x5a4d and any of them
}

YARA Rules Index

2 thoughts on “100 Days of YARA – Day 13: Quasar RAT

  1. Pingback: YARA Rules Index – DMFR SECURITY

  2. Pingback: Week 01 – 2022 – This Week In 4n6

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s