April 6, 2022
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR to deliver it; the Gaza Cybergang is suspected to be behind the campaign. In the first stage, the victim runs a downloader on their system. The downloader typically first tries to connect to a geolocation domain and then downloads the Quasar RAT, which infects the host.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 6639088fcf7cf2b4be3b501249aef1d4
SHA-256
- 0c55a719b7c86b437000a2cd90380e6a56130c2e049c5d15c71fc1e1e7399e30
SHA-1
- 4e8735e4f32ef109f1d732712eb40abf5d4f03ab
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
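As an added example (not part of the alert), the following Python sweep hashes every file under a directory and matches the MD5, SHA-1 and SHA-256 digests against this alert's indicators. The self_check function uses constructed files and a constructed IOC set (the well-known digest of empty input), not samples from the campaign.

```python
import hashlib
import os
import sys
from pathlib import Path

# Indicators from this alert (MD5, SHA-1, SHA-256), lowercase hex.
IOC_HASHES = {
    "6639088fcf7cf2b4be3b501249aef1d4",
    "4e8735e4f32ef109f1d732712eb40abf5d4f03ab",
    "0c55a719b7c86b437000a2cd90380e6a56130c2e049c5d15c71fc1e1e7399e30",
}

def hash_bytes(data):
    """Return (md5, sha1, sha256) hex digests of an in-memory blob."""
    return (hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest(),
            hashlib.sha256(data).hexdigest())

def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests of a file, read in chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            md5.update(chunk); sha1.update(chunk); sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()

def matches_ioc(digests, iocs=IOC_HASHES):
    """True if any digest in the tuple is a listed indicator."""
    return any(d.lower() in iocs for d in digests)

def sweep(root, iocs=IOC_HASHES):
    """Walk a tree and return (path, digest) pairs that hit the IOC set.
    Files that cannot be read are skipped so one error does not abort the sweep."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = os.path.join(dirpath, name)
            try:
                digests = hash_file(p)
            except OSError:
                continue
            hits.extend((p, d) for d in digests if d in iocs)
    return hits

def self_check():
    """Constructed check: a temp tree with a benign file and an empty file,
    swept against a constructed IOC set holding the MD5 of empty input."""
    import tempfile
    constructed_iocs = {"d41d8cd98f00b204e9800998ecf8427e"}  # not from the alert
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "benign.txt").write_bytes(b"hello")
        Path(tmp, "empty.bin").write_bytes(b"")
        return [(os.path.basename(p), d) for p, d in sweep(tmp, constructed_iocs)]

if __name__ == "__main__":
    for path, digest in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC hit: {path} ({digest})")
```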