

Rewterz Threat Alert – FormBook Malware – Active IOCs
November 2, 2021
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
November 2, 2021
November 2, 2021
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; the Gaza Cybergang group is suspected to be behind it. In the first stage, the victim's operating system is infected with a downloader, which typically first connects to a geolocation domain and then retrieves the Quasar RAT.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.