Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Quasar RAT Exploits DLL Side-Loading

October 23, 2023
Reading Time: 7 mins read
in Alerts

The Quasar RAT, an open-source remote access trojan, has been identified using a technique called DLL side-loading to discreetly pilfer data from compromised Windows systems.

Researchers from Uptycs noted that Quasar RAT, also known as CinaRAT or Yggdrasil, capitalizes on the inherent trust Windows places in certain files, such as ctfmon.exe and calc.exe, to execute its malicious activities. This C#-based remote administration tool is versatile, capable of collecting system data, logging keystrokes, taking screenshots, and running arbitrary shell commands.

DLL side-loading is a tactic often employed by threat actors to disguise their actions under legitimate and trusted system or software processes. In the case documented by Uptycs, the attack begins with an ISO image file containing three files: a legitimate binary (ctfmon.exe) renamed to eBill-997358806.exe, a MsCtfMonitor.dll file renamed to monitor.ini, and a malicious MsCtfMonitor.dll.

When the renamed binary (eBill-997358806.exe) is executed, it employs the DLL side-loading technique to conceal malicious code within the masqueraded ‘MsCtfMonitor.dll’ file, launching the next stage – an executable known as “FileDownloader.exe” injected into Regasm.exe. This leads to the execution of a genuine calc.exe file via DLL side-loading, ultimately launching the final Quasar RAT payload.

The trojan creates connections with a remote server to send system information and even establishes a reverse proxy for remote access to the infected endpoint. The exact identity of the threat actor and the initial access method remain unclear, but it is suspected that phishing emails may play a role in the distribution of this malware. Therefore, users are urged to exercise caution when dealing with suspicious emails, links, or attachments.

Reference:
  • Quasar RAT Leverages DLL Side-Loading Techniques
Tags: CinaRATCyber AlertCyber Alerts 2023CybersecurityDLLsOctober 2023open sourceQuasarQuasar RATRATRemote Access TrojanVulnerabilitiesWindowsYggdrasil
ADVERTISEMENT

Related Posts

Windows Defender Flaw Enables Hijack

GPUGate Abuse of Google Ads and GitHub

September 9, 2025
Windows Defender Flaw Enables Hijack

Windows Defender Flaw Enables Hijack

September 9, 2025
Windows Defender Flaw Enables Hijack

Npm Packages Compromised In Attack

September 9, 2025
Atomic Stealer Masquerades As Cracked App

iCloud Calendar Used For Phishing Emails

September 9, 2025
Atomic Stealer Masquerades As Cracked App

Czech Cyber Agency Warns On Chinese Tech

September 9, 2025
Atomic Stealer Masquerades As Cracked App

Atomic Stealer Masquerades As Cracked App

September 9, 2025

Latest Alerts

Windows Defender Flaw Enables Hijack

Npm Packages Compromised In Attack

GPUGate Abuse of Google Ads and GitHub

iCloud Calendar Used For Phishing Emails

Czech Cyber Agency Warns On Chinese Tech

Atomic Stealer Masquerades As Cracked App

Subscribe to our newsletter

    Latest Incidents

    Hackers Steal Secrets In GitHub Attack

    Plex Users Told To Reset Passwords

    Lovesac Confirms Breach After Attack

    Azure Cloud Hit By Red Sea Cable Cuts

    Tenable Confirms Breach Of Customer Data

    US Probes Malicious Email On China Talks

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial