This report examines NullPoint Stealer Technical Malware Analysis Report.
Executive Summary & Key Findings
At ThreatMon, we strive to prevent potential malicious activities by informing individuals, companies, firms, institutions, and organizations about current threats through our reports, posts, and analyses.
Pulsar is a modular, open-source .NET-based Remote Administration Tool (RAT) designed to provide comprehensive control and monitoring capabilities on Windows systems. As a continuation of Quasar RAT, Pulsar incorporates significant enhancements that expand its functionality and adaptability. Pulsar introduces advanced features such as encrypted communication via TLS, reverse proxy support, and remote desktop access, while also adding new modules for specialized tasks like anti-debugging, virtualization detection, and data exfiltration.
Building upon the Quasar framework, Pulsar extends its architecture with unique capabilities such as webcam and microphone access, Hidden Virtual Network Computing (HVNC) for stealthy remote desktop control, and the integration of the Kematian Grabber module for credential harvesting and sensitive data extraction.
The tool also includes creative modules under “FunStuff,” enabling operations like GDI effects, blue screen of death (BSOD) triggers, mouse swapping, and taskbar hiding, showcasing versatility beyond conventional RAT applications.
Further enhancements include robust anti-VM, anti-debugging techniques, code injection capabilities, and built-in obfuscation and packing mechanisms to evade detection. Pulsar’s modular design allows for the seamless addition of plugins, enabling developers and operators to customize its functionality for specific campaign objectives, whether for legitimate IT administration or unauthorized.
Pulsar’s extensive feature set and adaptability make it a powerful tool within the remote administration landscape. While offering legitimate use cases such as IT support and remote workforce monitoring, its advanced stealth and exploitation capabilities highlight the need for vigilance against potential misuse. As Pulsar continues to evolve, it represents both an asset and a threat, depending on its deployment context.
We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:
