DILLJUICE

Description

(Cylance) QuasarRAT is a lightweight remote administration tool written in C#. It can collect system information, download and execute applications, upload files, log keystrokes, grab screenshots/camera captures, retrieve system passwords and run shell commands. The remote access Trojan (RAT) is loaded by a bespoke loader (a.k.a. DILLWEED). The encrypted QuasarRAT payload is stored in the Microsoft.NET directory, decrypted into memory, and instantiated using a CLR host application. In later variants an additional component is also used to install the RAT as a service (a.k.a. DILLJUICE).

The following technical analysis focuses on the bespoke QuasarRAT loader developed by MenuPass and modifications made to the QuasarRAT backdoor.

Names

Name

  • DILLJUICE
  • FYAnti

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer
  • Credential stealer
  • Exfiltration

Information

Malpedia

Other Information

Uuid

d7ec9af2-2901-4191-a761-4662e997d2a5

Last Card Change

2021-04-24