Rewterz Threat Alert – Quasar RAT – Active IOCs

Severity

Medium

Analysis Summary

Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that delivers it by exploiting a path traversal vulnerability in WinRAR; the Gaza Cybergang (an alias under which Molerats is also tracked) is suspected to be behind the campaign. In the first stage, a downloader is installed on the victim's operating system, which then infects the machine with the Quasar RAT. The downloader typically contacts a geolocation domain first, and only then retrieves the RAT payload.

Impact

  • Data Theft
  • Exposure of Sensitive Data

Indicators of Compromise

MD5

  • c9730861a855c2360bc1c610874cda86

SHA-256

  • 90ca44f5d63436a70d023ae571f42c332d88bc468aded2f9acf3e9b84a6fb7ac

SHA-1

  • 221bf41d5a328c3690c8ad268cfb819cc7397fba

URL

  • http[:]//198[.]12[.]81[.]47/435/vbc[.]exe

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
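The following script is an added example of the IOC search recommended above; it is not Rewterz tooling. It refangs the published URL, hashes files under a directory with MD5, SHA-1 and SHA-256 and compares them to the hash list, and scans proxy log lines for the download URL or its host. The hash and URL values are the ones listed in this alert; the file contents, directory, geolocation host name and log lines used by the demo run are constructed here so it works offline.

```python
"""Sweep files and proxy logs for the Quasar RAT indicators listed above.

Added example for this alert, not Rewterz tooling. The hash and URL values are
the ones published in the alert; every file, directory and log line used by the
demo run is constructed here so the script runs offline.
"""
import hashlib
import os
import re
import tempfile

# Indicators exactly as published in the alert (URL kept defanged in source).
IOC_HASHES = {
    "c9730861a855c2360bc1c610874cda86",                                  # MD5
    "221bf41d5a328c3690c8ad268cfb819cc7397fba",                          # SHA-1
    "90ca44f5d63436a70d023ae571f42c332d88bc468aded2f9acf3e9b84a6fb7ac",  # SHA-256
}
IOC_URLS_DEFANGED = ["http[:]//198[.]12[.]81[.]47/435/vbc[.]exe"]

# Constructed proxy log lines for the demo. The geolocation host is a
# placeholder because the alert does not name the real one.
SAMPLE_PROXY_LOG = [
    "2022-06-28T09:14:02Z 10.0.4.17 GET http://198.12.81.47/435/vbc.exe 200 application/x-msdownload",
    "2022-06-28T09:14:05Z 10.0.4.17 GET https://geoip.example/json 200 application/json",
    "2022-06-28T09:15:11Z 10.0.4.22 GET http://198.12.81.4/index.html 200 text/html",
    "2022-06-28T09:16:40Z 10.0.4.31 CONNECT 198.12.81.47:443 200 -",
]


def refang(indicator: str) -> str:
    """Reverse the [.] / [:] / hxxp defanging used in published IOC lists."""
    plain = indicator.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxps?", lambda m: m.group(0).replace("xx", "tt"), plain)


def file_hashes(path: str) -> dict:
    """MD5, SHA-1 and SHA-256 of one file, computed in a single read pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def sweep_files(root: str, hashes=None) -> list:
    """Walk root; return (path, algo, digest) for each file whose hash is an IOC."""
    hashes = IOC_HASHES if hashes is None else set(hashes)
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                for algo, digest in file_hashes(path).items():
                    if digest in hashes:
                        hits.append((path, algo, digest))
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
    return hits


def sweep_log_lines(lines, urls_defanged=IOC_URLS_DEFANGED) -> list:
    """Return log lines that carry an IOC URL, or its host with any path/port.

    Host matching is bounded so 198.12.81.47 does not match 198.12.81.470
    or a longer dotted name that merely contains the address.
    """
    urls = [refang(u) for u in urls_defanged]
    hosts = {re.sub(r"^https?://", "", u).split("/")[0] for u in urls}
    host_res = [re.compile(r"(?<![\w.])" + re.escape(h) + r"(?![\w.])") for h in hosts]
    return [ln for ln in lines
            if any(u in ln for u in urls) or any(p.search(ln) for p in host_res)]


def run_demo() -> dict:
    """Exercise both sweeps on constructed data and return the results."""
    with tempfile.TemporaryDirectory() as root:
        sample = os.path.join(root, "vbc.exe")  # constructed stand-in, not the real dropper
        content = b"MZ constructed sample for the IOC sweep demo\n"
        with open(sample, "wb") as fh:
            fh.write(content)
        # The constructed file cannot match the published hashes; to show what a
        # hit looks like, add its own SHA-256 to a copy of the indicator set.
        demo_hashes = IOC_HASHES | {hashlib.sha256(content).hexdigest()}
        return {
            "published_hits": sweep_files(root),
            "demo_hits": [(os.path.basename(p), algo) for p, algo, _ in sweep_files(root, demo_hashes)],
            "log_hits": sweep_log_lines(SAMPLE_PROXY_LOG),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Point `sweep_files` at user profile and temp directories rather than the whole disk on a first pass, and feed `sweep_log_lines` the raw lines of your proxy or firewall export; the host-level match is deliberate, since a second-stage download from the same server under a different path would otherwise be missed.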