Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Quasar RAT Exploits DLL Side-Loading

October 23, 2023
Reading Time: 7 mins read
in Alerts

The Quasar RAT, an open-source remote access trojan, has been identified using a technique called DLL side-loading to discreetly pilfer data from compromised Windows systems.

Researchers from Uptycs noted that Quasar RAT, also known as CinaRAT or Yggdrasil, capitalizes on the inherent trust Windows places in certain files, such as ctfmon.exe and calc.exe, to execute its malicious activities. This C#-based remote administration tool is versatile, capable of collecting system data, logging keystrokes, taking screenshots, and running arbitrary shell commands.

DLL side-loading is a tactic often employed by threat actors to disguise their actions under legitimate and trusted system or software processes. In the case documented by Uptycs, the attack begins with an ISO image file containing three files: a legitimate binary (ctfmon.exe) renamed to eBill-997358806.exe, a MsCtfMonitor.dll file renamed to monitor.ini, and a malicious MsCtfMonitor.dll.

When the renamed binary (eBill-997358806.exe) is executed, it employs the DLL side-loading technique to conceal malicious code within the masqueraded ‘MsCtfMonitor.dll’ file, launching the next stage – an executable known as “FileDownloader.exe” injected into Regasm.exe. This leads to the execution of a genuine calc.exe file via DLL side-loading, ultimately launching the final Quasar RAT payload.

The trojan creates connections with a remote server to send system information and even establishes a reverse proxy for remote access to the infected endpoint. The exact identity of the threat actor and the initial access method remain unclear, but it is suspected that phishing emails may play a role in the distribution of this malware. Therefore, users are urged to exercise caution when dealing with suspicious emails, links, or attachments.

Reference:
  • Quasar RAT Leverages DLL Side-Loading Techniques
Tags: CinaRATCyber AlertCyber Alerts 2023CybersecurityDLLsOctober 2023open sourceQuasarQuasar RATRATRemote Access TrojanVulnerabilitiesWindowsYggdrasil
ADVERTISEMENT

Related Posts

Malicious npm Packages Deliver Protestware

Matanbuchus Malware Spread via Teams Voice

July 18, 2025
Malicious npm Packages Deliver Protestware

Hackers Host Amadey Malware via GitHub Repos

July 18, 2025
Malicious npm Packages Deliver Protestware

Malicious npm Packages Deliver Protestware

July 18, 2025
Malicious Telegram APK Campaign Uncovered

Malicious Telegram APK Campaign Uncovered

July 17, 2025
SonicWall Zero-Day RCE Exploited

Stealthy JavaScript Attacks via SVG Files

July 17, 2025
SonicWall Zero-Day RCE Exploited

SonicWall Zero-Day RCE Exploited

July 17, 2025

Latest Alerts

Matanbuchus Malware Spread via Teams Voice

Hackers Host Amadey Malware via GitHub Repos

Malicious npm Packages Deliver Protestware

Malicious Telegram APK Campaign Uncovered

Stealthy JavaScript Attacks via SVG Files

SonicWall Zero-Day RCE Exploited

Subscribe to our newsletter

    Latest Incidents

    Stormous Hits North Country Health

    BigONE Crypto Exchange $27M Hit

    Co-op Data Stolen of 6.5M Members

    Cyberattack Strikes Air Serbia

    Customer Data Breach at Seychelles Bank

    Ukrainian Hack Hits Russian Drone Firm

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial