Severity
Medium
Analysis Summary
Quasar virus is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control over users’ computers for malicious purposes. Exploiting a path traversal vulnerability of WinRAR, a Molerats spear-phishing campaign is discovered. It is suspected that a Gaza Cyber gang group is behind the campaign. In the first step, the victim installs a downloader in their operating system which then gets infected with a RAT (Quasar). The downloader typically first tries to connect to a geolocation domain and then the RAT is downloaded.
Impact
- Data Theft
- Exposure of Sensitive DatA
Indicators of Compromise
MD5
- 5db1d88dc4b7a497dbf089a0e07fce86
- d85a569692dcc30d7138af19b201f3be
SHA-256
- f5e3d1fc259ffff2f85f7f631ebdee010c0981ece39a9da2b6d56c0f59954bda
- 636eade7adbff93edfb59548f6861fcf4e26ff9bcd2b413a1fb5cac290e1e05b
SHA-1
- 264e872f2d7c196d761182bce91b77bb0b4f3d21
- 9fc5b70cb87c180b9815e808a8041fe44b1faa30
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.