Rewterz

Rewterz Threat Alert – Vidar Malware – Active IOCs

November 23, 2021
Rewterz

Rewterz Threat Alert – Squirrelwaffle Exploits ProxyLogon and ProxyShell Infect Systems

November 23, 2021

Rewterz Threat Alert – Quasar RAT – Active IOCs

Severity

Medium

Analysis Summary

Quasar virus is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control over users’ computers for malicious purposes. Exploiting a path traversal vulnerability of WinRAR, a Molerats spear-phishing campaign is discovered. It is suspected that a Gaza Cyber gang group is behind the campaign. In the first step, the victim installs a downloader in their operating system which then gets infected with a RAT (Quasar). The downloader typically first tries to connect to a geolocation domain and then the RAT is downloaded.

Impact

  • Data Theft
  • Exposure of Sensitive DatA

Indicators of Compromise

MD5

  • 3cef3a63720ea5a1145e06a54afbfc67
  • 6133fb4c459999e23d653e28ccb5361f

SHA-256

  • 2e152fe827dfa8e2c15622e6062fcc7c8b6346754b5deb4c34671e21bb51abff
  • 7278565b52856072e2ce87c0234478f922a05eeaaf76d1e5b428005b8b83f2bd

SHA-1

  • 149807c18a8e1c16efc6e1223940005d7b2b828e
  • 726e65120a8b653fe7a97ca92bc704193863795e

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.