Investigation Identifies 64 Quasar RAT Servers
Comprehensive analysis using dnSpy and Shodan reveals 64 Quasar RAT servers. A detailed investigation into the Quasar Remote Access Trojan (RAT) used dnSpy for configuration extraction and Shodan for identifying additional servers, resulting in the discovery of 64 Quasar servers. The analysis began with unpacking a malware sample, followed by extracting configuration details, including the command and control (C2) server and an X.509 certificate. Shodan queries revealed 15 servers, primarily located in China, Hong Kong, and Germany, with low detection rates on VirusTotal. Further exploration using Censys identified an additional 46 servers. The findings suggest that while some servers may not be overtly malicious, their association with Quasar raises concerns about potential malware activity. A complete list of identified servers is provided.
