Rewterz Threat Alert – Vidar Malware – Active IOCs
November 23, 2021
Rewterz Threat Alert – Squirrelwaffle Exploits ProxyLogon and ProxyShell Infect Systems
November 23, 2021
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that is frequently abused by cybercriminals to take remote control of victims' computers for malicious purposes. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR, and the Gaza Cyber gang group is suspected of being behind it. In the first stage, the victim installs a downloader on their operating system, which then infects the system with the Quasar RAT. The downloader typically first connects to a geolocation domain and only then retrieves the RAT.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 3cef3a63720ea5a1145e06a54afbfc67
- 6133fb4c459999e23d653e28ccb5361f
SHA-256
- 2e152fe827dfa8e2c15622e6062fcc7c8b6346754b5deb4c34671e21bb51abff
- 7278565b52856072e2ce87c0234478f922a05eeaaf76d1e5b428005b8b83f2bd
SHA-1
- 149807c18a8e1c16efc6e1223940005d7b2b828e
- 726e65120a8b653fe7a97ca92bc704193863795e
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
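The second remediation step, searching the environment for the file hashes listed above, can be scripted. The following is an added example written for this page and is not Rewterz's own tooling: it hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass and reports any file whose digest appears in the alert's IOC list. The `demo()` function builds a temporary directory with a constructed, harmless file and adds that file's own digests to a copy of the IOC set so the matching path can be exercised offline; the file names and bytes in it are constructed for illustration only.

```python
import hashlib
import os
import tempfile

# File hashes copied from the IOC section of the alert above.
IOC_HASHES = {
    "md5": {
        "3cef3a63720ea5a1145e06a54afbfc67",
        "6133fb4c459999e23d653e28ccb5361f",
    },
    "sha1": {
        "149807c18a8e1c16efc6e1223940005d7b2b828e",
        "726e65120a8b653fe7a97ca92bc704193863795e",
    },
    "sha256": {
        "2e152fe827dfa8e2c15622e6062fcc7c8b6346754b5deb4c34671e21bb51abff",
        "7278565b52856072e2ce87c0234478f922a05eeaaf76d1e5b428005b8b83f2bd",
    },
}


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single read pass.

    Reading in chunks keeps memory flat for large files; all three digests
    are needed because the alert lists indicators in all three algorithms.
    """
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=IOC_HASHES):
    """Return (algorithm, hash) pairs from `digests` that appear in the IOC set."""
    return [
        (alg, digests[alg])
        for alg in ("md5", "sha1", "sha256")
        if digests.get(alg) in iocs.get(alg, set())
    ]


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root` and return {path: [matches]} for every file matching an IOC.

    Unreadable or vanished files are skipped so one bad entry does not abort
    a scan of a whole volume.
    """
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matches = match_iocs(digests, iocs)
            if matches:
                hits[path] = matches
    return hits


def demo():
    """Constructed demo (not real malware): one benign file and one file whose
    digests are added to a copy of the IOC set, so exactly one hit is expected.
    Returns {basename: matches}."""
    sample = b"constructed sample bytes, not a real downloader"
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "readme.txt")       # constructed name
        suspect = os.path.join(tmp, "downloader.bin")  # constructed name
        with open(benign, "wb") as f:
            f.write(b"nothing to see here")
        with open(suspect, "wb") as f:
            f.write(sample)
        # Copy the page's IOC set and add the constructed file's digests to it.
        iocs = {alg: set(values) for alg, values in IOC_HASHES.items()}
        for alg, digest in hash_file(suspect).items():
            iocs[alg].add(digest)
        hits = scan_tree(tmp, iocs)
        return {os.path.basename(p): m for p, m in hits.items()}


if __name__ == "__main__":
    for path, matches in demo().items():
        print(path, matches)
```

In a real sweep, call `scan_tree("/path/to/scan")` with the default `IOC_HASHES`; a non-empty result means a file on that host matches an indicator from this alert and should be isolated and investigated. A clean result only shows the listed files are absent, not that the host is uncompromised, since a RAT that has since been removed or renamed leaves no hash to find.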