
Rewterz Threat Alert – Quasar RAT – Active IOCs

Severity

High

Analysis Summary

Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently use to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; a Gaza Cybergang group is suspected to be behind it. In the first stage, the victim runs a downloader on their system, which then installs the Quasar RAT. The downloader typically first contacts a geolocation domain and only then retrieves the RAT.


Impact

  • Data Theft

Indicators of Compromise

MD5

  • 89d2f5554d0e349c0faaf9610d30e431
  • 7c7b9abc93806e141f78cff75869905a
  • 733fac610c6dbad46d6b9e02b14aceb3

SHA-256

  • 4b8ad10cc126b55fd0ddc1a4600d7e549f7ff36a566cd9ed1a839432afa75da1
  • 5f6ff81b3f1bc41a26b0006b1c721dc44e691e48d8d91e455c75efdc5c476733
  • 62e3c7bae300b8efb435fa18d19200b713288bc4d26c3a111a73781b60618c4b

SHA-1

  • f3b7ce3fe96ed2a78cb7632cec7cbf10f082868f
  • fbf7b190b1e946c77507b1875912ea3784b4f617
  • 000dbf8c161644622a63a29c98fe794f92ae193a

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download email attachments coming from untrusted sources.
  • Do not download any files from random sources on the internet.
  • Keep WinRAR updated to the latest patched version.
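As an added example (not Rewterz's own tooling), the following Python script turns the first remediation step into a file-system sweep: it hashes every file under a directory and reports any whose MD5, SHA-1 or SHA-256 digest appears in the indicator lists above. The three hash sets are copied from this alert; the function names and the sample file written in the demo are assumptions made for illustration.

```python
"""Sweep a directory for files matching the Quasar RAT indicators in this alert.

Added example, not part of the Rewterz advisory. The indicator sets are the
MD5, SHA-1 and SHA-256 values published above; function names and the demo
sample file are constructed for illustration.
"""
import hashlib
from pathlib import Path

# Indicators of Compromise from the advisory (lower-case hex digests).
IOC_MD5 = {
    "89d2f5554d0e349c0faaf9610d30e431",
    "7c7b9abc93806e141f78cff75869905a",
    "733fac610c6dbad46d6b9e02b14aceb3",
}
IOC_SHA1 = {
    "f3b7ce3fe96ed2a78cb7632cec7cbf10f082868f",
    "fbf7b190b1e946c77507b1875912ea3784b4f617",
    "000dbf8c161644622a63a29c98fe794f92ae193a",
}
IOC_SHA256 = {
    "4b8ad10cc126b55fd0ddc1a4600d7e549f7ff36a566cd9ed1a839432afa75da1",
    "5f6ff81b3f1bc41a26b0006b1c721dc44e691e48d8d91e455c75efdc5c476733",
    "62e3c7bae300b8efb435fa18d19200b713288bc4d26c3a111a73781b60618c4b",
}
IOC_TABLES = {"md5": IOC_MD5, "sha1": IOC_SHA1, "sha256": IOC_SHA256}


def hash_file(path):
    """Return {'md5', 'sha1', 'sha256'} hex digests of a file, read in 1 MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def match_digests(digests):
    """Return the set of algorithms whose digest matches an indicator.

    Input values are normalised to lower case, so digests pasted from other
    tools (often upper-case) still match.
    """
    hits = set()
    for algo, table in IOC_TABLES.items():
        if digests.get(algo, "").lower() in table:
            hits.add(algo)
    return hits


def scan_directory(root):
    """Walk a directory tree; return {path: matched algorithms} for indicator hits.

    Files that cannot be read (permissions, vanished temp files) are skipped
    rather than aborting the whole sweep.
    """
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = match_digests(hash_file(path))
        except OSError:
            continue
        if hits:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    import sys
    import tempfile

    # Constructed demo: sweep a temp directory holding one benign file,
    # or a directory given on the command line.
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = tempfile.mkdtemp()
        Path(target, "benign.bin").write_bytes(b"constructed benign sample")
    results = scan_directory(target)
    if results:
        for path, algos in results.items():
            print(f"MATCH {path}: {', '.join(sorted(algos))}")
    else:
        print(f"no indicator matches under {target}")
```

Run it as `python quasar_ioc_sweep.py /path/to/downloads` (script name assumed). Matching on all three digests rather than only SHA-256 matters when the hash you hold comes from a mail gateway or EDR that exports a single algorithm; each file is hashed once and checked against all three lists.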