Severity
Medium
Analysis Summary
Quasar virus is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control over users’ computers for malicious purposes. Exploiting a path traversal vulnerability of WinRAR, a Molerats spear-phishing campaign is discovered. It is suspected that a Gaza Cyber gang group is behind the campaign. In the first step, the victim installs a downloader in their operating system which then gets infected with a RAT (Quasar). The downloader typically first tries to connect to a geolocation domain and then the RAT is downloaded.
Impact
- Data Theft
- Exposure of Sensitive DatA
Indicators of Compromise
MD5
- dfa365a4ee96ac5b0d13d6a6de72bada
- 122341d7b40c0ee5ad9eb4b5e56a5ed8
- 30ea58dd6e407d3dda5dc7d21b5126c5
SHA-256
- 0a75f53a90371511b4b8b8848dc07aace356094dcf150f2d27c5125e3dc2a284
- c3e53e28198dfe92caa7b46355f543dd18c0353ef42f2e28862682a79e863735
- 85d9cae5e66a5a61a367bcd7b7967ed5715fab928604714db8050ccddab5d15
SHA-1
- 2dd0b72515eeeb916065b4a178cbf6b8c47892e9
- c1c929d53da34787cfd8381b3ea6a3c2c1ba1a33
- 34c9be682594c48b74ad6d88064bf72876c91965
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.