Backdoor:MSIL/Quasar!atmn - Windows Defender threat signature analysis
=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:MSIL/Quasar!atmn
Classification:
Type: Backdoor
Platform: MSIL
Family: Quasar
Detection Type: Concrete (known malware family with identified signatures)
Suffix: !atmn
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: type Backdoor (provides unauthorized remote access), platform MSIL (.NET Microsoft Intermediate Language), family Quasar

Summary:

This is a concrete detection of Quasar RAT, a well-known .NET-based backdoor. This malware provides attackers with complete remote control over the infected system, allowing for data exfiltration, command execution, and establishing persistent access. The technical evidence points to the use of system utilities (PowerShell, Rundll32) and process hooking to maintain its foothold and evade detection.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
Known malware associated with this threat:
 - Filename: MatrixHub-CRAKED.exe | SHA-256: 515a1964e8ba79521393a6d4b10fd33de62615940a572d13401c6ce440f53a44 | Date: 24/03/2026
 - Filename: Client.exe | SHA-256: 011872f14b1024cd6873aded365f0ff3e73e42c2ea1d7f7e55fe5daa43f27e66 | Date: 23/03/2026
 - Filename: Client.exe | SHA-256: 5cdb08302598109d9acfa37730dd8bee5018dce9d62c8382e900c2b726806dff | Date: 20/03/2026
 - Filename: injecter.exe | SHA-256: 1dca871a9485fc5e894cdf39e563a36d015823bf4f28bb558ca18dbe7cfec959 | Date: 31/01/2026
 - Filename: (not recorded) | SHA-256: b90c6e8995816053bb82f743f28a045f46b586577c75ffea848b7c02d3956762 | Date: 31/01/2026
Remediation Steps:
Immediately isolate the affected machine from the network to prevent lateral movement. Use your security software to remove the threat. Investigate for persistence mechanisms (e.g., scheduled tasks, registry keys) and change all user and service account passwords associated with the machine. Consider re-imaging the system from a known-good source.
=== END REPORT ===
This analysis was last updated on 14/11/2025.