Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Elastic Security Labs has uncovered a new intrusion set targeting Chinese-speaking regions, dubbed REF3864. The threat group employs a custom loader called SADBRIDGE to deploy GOSAR, a Golang-based reimplementation of the QUASAR backdoor. The infection chain involves trojanized MSI installers masquerading as legitimate software, utilizing DLL side-loading and injection techniques. GOSAR extends QUASAR's capabilities with additional information-gathering features, multi-OS support, and improved evasion tactics. The malware employs various persistence mechanisms and privilege escalation techniques, including UAC bypass and abuse of Windows Task Scheduler. GOSAR's functionalities include system information retrieval, screenshot capture, command execution, and keylogging, among others.
OPENCTI LABELS:
backdoor,keylogger,golang,quasar,sadbridge,gosar