Severity
Medium
Analysis Summary
Quasar malware is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control of users' computers for malicious purposes. The Quasar RAT was first discovered in 2015 and is known for its ability to evade detection by most anti-virus software.
The Quasar RAT is typically spread through phishing emails or other social engineering tactics. Once a victim clicks on a malicious link or downloads a malicious file, the Quasar RAT is installed on their computer without their knowledge.
Once installed, the Quasar RAT allows the attacker to perform a variety of malicious actions, including:
- Viewing and manipulating files on the victim's computer
- Recording keystrokes and stealing login credentials
- Taking screenshots and recording audio and video from the victim's webcam and microphone
- Installing other malware or tools to further compromise the victim's computer or network
- Using the victim's computer as a part of a botnet to launch attacks on other targets
To protect against the Quasar RAT and other similar types of malware, it is important to practice good cybersecurity habits, such as avoiding suspicious emails and links, keeping anti-virus software up-to-date, and regularly backing up important files.
Impact
- Data Theft
- Exposure to Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Do not open emails and attachments from unknown or suspicious sources.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Enable anti-virus and anti-malware software and update signature definitions promptly. Multi-layered protection is necessary to secure vulnerable assets.
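The IOC sweep called for in the remediation step above, as an added example that is not part of this advisory: it parses an indicator block in the layout this page uses (a hash-type label such as MD5, SHA-256 or SHA1, followed by one hash per line), computes all three digests of each file in a single read, and reports any match. The hash values in the sample block are constructed placeholders, not the advisory's indicators.

```python
import hashlib
import os
# Constructed IOC block in this advisory's layout; the hashes are placeholders, not real indicators.
SAMPLE_IOC_BLOCK = """MD5
5d41402abc4b2a76b9719d911017c592
SHA-256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA1
a9993e364706816aba3e25717850c26c9cd0d89d
"""
ALGOS = ("md5", "sha1", "sha256")
# The advisory writes "SHA1" but "SHA-256"; normalise labels to hashlib names.
LABELS = {"MD5": "md5", "SHA1": "sha1", "SHA-1": "sha1",
          "SHA256": "sha256", "SHA-256": "sha256"}
def parse_ioc_block(text):
    """Return {hashlib name: set of lowercase hex digests} from the advisory layout."""
    iocs = {algo: set() for algo in ALGOS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper() in LABELS:
            current = LABELS[line.upper()]   # a label line switches the hash type
        elif current is not None:
            iocs[current].add(line.lower())  # a hash line belongs to the current label
    return iocs

def digest_chunks(chunks):
    """Feed every chunk to all three hashers at once, so the data is read only once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}
def match_digests(digests, iocs):
    # Return [(algorithm, digest)] for each indicator the file's digests hit.
    return [(algo, value) for algo, value in digests.items() if value in iocs[algo]]

def sweep(root, iocs, chunk=1 << 20):
    """Walk `root` and return (path, algorithm, digest) for every file that matches."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests = digest_chunks(iter(lambda: fh.read(chunk), b""))
            hits.extend((path, algo, value) for algo, value in match_digests(digests, iocs))
    return hits
```

Run `sweep("/path/to/scan", parse_ioc_block(open("iocs.txt").read()))` with the advisory's published indicators saved in the same label-then-hashes layout; a hit on any one digest type is enough to flag the file.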