Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign that exploits a path traversal vulnerability in WinRAR has been discovered; the Gaza Cybergang group is suspected to be behind it. In the first stage, the victim's system is infected with a downloader, which in turn delivers the Quasar RAT. The downloader typically first connects to a geolocation domain, after which the RAT is downloaded.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.
- Do not download email attachments coming from untrusted sources.
- Do not download any files from random sources on the internet.
- Keep WinRAR updated to the latest patched versions.
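The IOC sweep from the second remediation step, as an added example that is not part of the original alert: it reads a raw indicator feed in the format this alert publishes (MD5, SHA1 and SHA-256 digests, one per bullet, under type headings), classifies each digest by its length, hashes every file under a directory once for all three algorithms, and reports which indicator list each hit came from. The file names and contents in demo() are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hex-digest length -> hashlib name, for the three indicator types in this alert.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

def load_iocs(lines):
    """Turn raw feed lines into {algorithm: set(lowercase hex digests)}.
    Strips '- ' bullets and whitespace, ignores headings and non-hex lines."""
    iocs = {name: set() for name in HASH_TYPES.values()}
    for line in lines:
        value = line.strip().lstrip("-").strip().lower()
        algo = HASH_TYPES.get(len(value))
        if algo and all(c in "0123456789abcdef" for c in value):
            iocs[algo].add(value)
    return iocs

def hash_file(path):
    """Compute MD5, SHA1 and SHA-256 in a single pass over the file."""
    digests = {name: hashlib.new(name) for name in HASH_TYPES.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def scan_tree(root, iocs):
    """Walk root; return (path, algorithm, digest) for each file hitting an IOC."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            for algo, digest in digests.items():
                if digest in iocs[algo]:
                    hits.append((path, algo, digest))
    return hits

def demo():
    # Constructed sample: two files, the MD5 of one is placed in the feed.
    with tempfile.TemporaryDirectory() as root:
        bad = Path(root) / "dropper.exe"
        bad.write_bytes(b"constructed sample downloader bytes")
        (Path(root) / "readme.txt").write_bytes(b"benign file")
        feed = ["MD5", "- " + hashlib.md5(bad.read_bytes()).hexdigest().upper()]
        hits = scan_tree(root, load_iocs(feed))
        return [(os.path.basename(p), algo) for p, algo, _ in hits]
```

Point scan_tree at a real directory with the alert's indicator lines pasted into load_iocs to run the sweep; matches on any of the three lists are reported separately so the analyst can tie a hit back to the published indicator.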