

October 7, 2021
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of users' computers for malicious purposes. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; the Gaza Cybergang group is suspected to be behind it. In the first stage, the victim installs a downloader on their operating system, which then infects the machine with the Quasar RAT. The downloader typically first tries to connect to a geolocation domain, after which the RAT is downloaded.
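The geolocation-lookup-then-payload sequence described above can be hunted for in web proxy logs. The following is an added detection example (not part of the Rewterz alert, and not tied to the real campaign infrastructure): it flags any client that queries a geolocation domain and then fetches an executable within a short window. The log format, the domain `geoip.example` and the sample lines are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample proxy log lines (not real traffic):
# timestamp, client IP, destination host, request path, response content-type.
SAMPLE_LOG = """\
2021-10-07T09:00:01Z 10.0.0.5 geoip.example /json/ application/json
2021-10-07T09:00:07Z 10.0.0.5 cdn.example /update/svc.exe application/x-msdownload
2021-10-07T09:05:00Z 10.0.0.8 geoip.example /json/ application/json
2021-10-07T11:30:00Z 10.0.0.8 files.example /report.pdf application/pdf
2021-10-07T12:00:00Z 10.0.0.9 dl.example /setup.exe application/x-msdownload
"""

# Hypothetical geolocation service domains; populate from your own telemetry.
GEO_DOMAINS = {"geoip.example"}
# Content types that usually indicate a Windows executable download.
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}
# How soon after the geolocation lookup the payload fetch must occur to be flagged.
WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Split one constructed log line into its typed fields."""
    ts, client, host, path, ctype = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, host, path, ctype


def find_geo_then_download(log_text, window=WINDOW):
    """Return (client, geo_lookup_time, host, path) for every executable
    download that follows a geolocation lookup by the same client within
    `window`. Lines are assumed to be in chronological order."""
    last_geo = {}   # client IP -> time of its most recent geolocation lookup
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, client, host, path, ctype = parse_line(raw)
        if host in GEO_DOMAINS:
            last_geo[client] = ts
            continue
        is_exe = ctype in EXE_TYPES or path.lower().endswith(".exe")
        if is_exe and client in last_geo and ts - last_geo[client] <= window:
            hits.append((client, last_geo[client].isoformat(), host, path))
    return hits


if __name__ == "__main__":
    for hit in find_geo_then_download(SAMPLE_LOG):
        print("geo-lookup followed by executable download:", hit)
```

Only 10.0.0.5 matches: 10.0.0.8 fetches a PDF hours later and 10.0.0.9 downloads an executable with no preceding lookup, so the sequence, not either event alone, is what the rule keys on.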
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.