January 24, 2023
Severity
Medium
Analysis Summary
Quasar is an open-source Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that delivers Quasar by exploiting a path traversal vulnerability in WinRAR: a crafted archive makes the extractor write a file outside the directory the user selected, so simply extracting the attachment plants the first-stage payload. The campaign is suspected to be the work of the Gaza Cybergang, the threat group also tracked as Molerats. The infection runs in two stages: the planted file is a downloader, and once it executes it typically contacts a geolocation service first (a check on the victim's location before committing the final payload), then fetches and installs the Quasar RAT.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 70a2790cfffc1fdb6295432cea15f81a
- fe5c62834c14725422ce33ba28e47f1e
- a9e8c19f41167cda909e36273539c77f
SHA-256
- 8e2077e72cbe9be4878f3280a6fbae48c94fc5ade445c154f08a61b39ad58bab
- 3e77806319fdc6be34ec4f682e526114f8fbf88836fe9d36b602a442e706757e
- 6d5defac0ad84fc415138d9fddad770f84a156560d6a77c5af274abe529bd14e
SHA-1
- d001b5c3b8f09e7a898f6646571204aba977a7da
- 2c5c955653cb633330aa12e2fe7dfefa1fc482c0
- 97dbda668a378e68bf9eed35d934fccef30562f5
Remediation
- Block all threat indicators at their respective controls: the file hashes below on endpoint protection and EDR, and any geolocation or download domains observed in your own telemetry at the proxy and DNS layer.
- Search for the IOCs in your environment: sweep endpoint file hashes, EDR telemetry and mail-gateway attachment logs for the MD5, SHA-1 and SHA-256 values above.
- Update WinRAR on all hosts to a current release so that crafted archives can no longer write outside the chosen extraction directory, and instruct users not to extract unsolicited archive attachments.
- Hash indicators change with every recompile of a sample, so treat a clean hash sweep as absence of these specific samples only. Hunt for the behaviour as well: an archive extraction followed by an unexpected new executable, and a new process that queries a geolocation service before connecting to an unknown external host.
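The two remediation steps above amount to sweeping the environment for the listed hashes. As an added example that is not code from the alert, the following Python script walks a directory tree, hashes each regular file once for MD5, SHA-1 and SHA-256, and reports any file whose digest appears in the alert's indicator list. The `ALERT_IOCS` name, the `sweep` and `hash_file` functions and the directory argument are this example's own; the hash values are copied from the IOC section above.

```python
"""Hash-based IOC sweep for the Quasar RAT indicators listed in this alert.

Added example, not part of the Rewterz alert: walks a directory tree,
hashes every regular file with MD5, SHA-1 and SHA-256 in a single read,
and reports any file whose digest matches a known indicator.
"""
import hashlib
import os
from pathlib import Path
from typing import Dict, Iterable, List, Set, Tuple

# Indicators copied from the alert above. Comparison is case-insensitive.
ALERT_IOCS: Dict[str, Set[str]] = {
    "md5": {
        "70a2790cfffc1fdb6295432cea15f81a",
        "fe5c62834c14725422ce33ba28e47f1e",
        "a9e8c19f41167cda909e36273539c77f",
    },
    "sha1": {
        "d001b5c3b8f09e7a898f6646571204aba977a7da",
        "2c5c955653cb633330aa12e2fe7dfefa1fc482c0",
        "97dbda668a378e68bf9eed35d934fccef30562f5",
    },
    "sha256": {
        "8e2077e72cbe9be4878f3280a6fbae48c94fc5ade445c154f08a61b39ad58bab",
        "3e77806319fdc6be34ec4f682e526114f8fbf88836fe9d36b602a442e706757e",
        "6d5defac0ad84fc415138d9fddad770f84a156560d6a77c5af274abe529bd14e",
    },
}

CHUNK = 1 << 20  # read 1 MiB at a time so large files are not loaded into memory


def hash_file(path: Path) -> Dict[str, str]:
    """Return lower-case hex digests of one file for all three algorithms from a single read."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with path.open("rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            for h in digests.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in digests.items()}


def normalise(iocs: Dict[str, Iterable[str]]) -> Dict[str, Set[str]]:
    """Lower-case and strip indicator strings so pasted IOCs with mixed case still match."""
    return {algo: {v.strip().lower() for v in values} for algo, values in iocs.items()}


def sweep(root: Path, iocs: Dict[str, Iterable[str]] = ALERT_IOCS) -> List[Tuple[str, str, str]]:
    """Walk `root` and return (path, algorithm, digest) for every file that matches an IOC."""
    wanted = normalise(iocs)
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Only hash regular files; skip symlinks, sockets and devices.
            if path.is_symlink() or not path.is_file():
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable (permissions, file in use); log this in a real deployment
            for algo, digest in digests.items():
                if digest in wanted.get(algo, set()):
                    hits.append((str(path), algo, digest))
    return hits


if __name__ == "__main__":
    import sys

    # Usage: python ioc_sweep.py /path/to/scan  (defaults to the current directory)
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.cwd()
    for hit in sweep(target):
        print("MATCH", *hit)
```

Run it against user profile directories, temporary folders and any archive extraction locations first, since those are where an extracted first-stage downloader lands. A file that is locked by a running process is skipped rather than failing the whole sweep, so pair the scan with EDR process telemetry for hosts where the RAT may already be executing.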