July 15, 2021
Severity
High
Analysis Summary
Quasar is an open-source Remote Access Trojan (RAT) that is frequently abused by cybercriminals and state-aligned groups to take remote control of victims' computers. A Molerats spear-phishing campaign has been observed delivering Quasar by exploiting a path traversal vulnerability in WinRAR (CVE-2018-20250): a crafted ACE archive carries an entry whose file name escapes the folder the user chose for extraction, so when the recipient extracts the attachment WinRAR silently writes the payload into the Windows Startup folder, where it runs at the next logon. A Gaza Cybergang group is suspected to be behind the campaign. The infection chain has two stages: the file dropped by the archive is a downloader, which first connects to a geolocation lookup domain and only then retrieves the Quasar RAT from its server.
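The archive-entry check below is an added example for this advisory, not code from Rewterz or from WinRAR. It applies the defence the vulnerable extractor lacked: before writing anything, resolve each entry name against the chosen destination and refuse any entry that is absolute, escapes the destination, or lands in a Startup folder. The destination path, entry names and the Startup-folder fragments are constructed for the example; Windows path rules are applied via `ntpath` so the check behaves the same on any platform.

```python
"""Pre-extraction path check for archive entries (Windows path semantics).

Added example for the Quasar/WinRAR advisory: the destination and entry
names below are constructed, not taken from the campaign.
"""
import ntpath

# Per-user and all-users Startup folders as they appear inside a normalised,
# lower-cased Windows path. A file written here runs at the next logon.
STARTUP_FRAGMENTS = (
    "\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\",
    "\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\",
)


def normalize_entry(entry_name: str) -> str:
    """Canonicalise an archive entry name using Windows rules (either separator)."""
    return ntpath.normpath(entry_name.replace("/", "\\"))


def is_absolute(path: str) -> bool:
    """True for drive-qualified names (drive letter present) or rooted names.

    Checked explicitly rather than via ntpath.isabs, whose handling of a bare
    leading backslash changed in Python 3.13.
    """
    return bool(ntpath.splitdrive(path)[0]) or path.startswith("\\")


def escapes(dest: str, target: str) -> bool:
    """True when target does not sit inside dest (case-insensitive)."""
    try:
        return ntpath.commonpath([dest.lower(), target.lower()]) != dest.lower()
    except ValueError:  # different drives, or absolute mixed with relative
        return True


def classify_entry(entry_name: str, dest_dir: str):
    """Return (resolved target path, list of reasons the entry is unsafe)."""
    dest = ntpath.normpath(dest_dir)
    candidate = normalize_entry(entry_name)
    reasons = []
    if is_absolute(candidate):
        reasons.append("absolute path in archive header")
        target = candidate
    else:
        target = ntpath.normpath(ntpath.join(dest, candidate))
    if escapes(dest, target):
        reasons.append("escapes extraction directory")
    if any(frag in target.lower() for frag in STARTUP_FRAGMENTS):
        reasons.append("targets a Startup folder (persistence)")
    return target, reasons


def scan_entries(entry_names, dest_dir):
    """Return [(entry, target, reasons)] for every entry that must not be extracted."""
    flagged = []
    for name in entry_names:
        target, reasons = classify_entry(name, dest_dir)
        if reasons:
            flagged.append((name, target, reasons))
    return flagged


# Constructed sample: a benign document plus two entries shaped like the
# WinRAR ACE abuse (traversal into the user's Startup folder, absolute path).
SAMPLE_DEST = r"C:\Users\alice\Downloads\invoice"
SAMPLE_ENTRIES = [
    r"report/quarterly.pdf",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"C:\Users\Public\svc.exe",
]

if __name__ == "__main__":
    for name, target, reasons in scan_entries(SAMPLE_ENTRIES, SAMPLE_DEST):
        print(f"REFUSE {name!r} -> {target}: {', '.join(reasons)}")
```

The same resolve-then-compare step belongs in any extractor or sandbox detonation that writes attacker-controlled file names to disk; comparing the normalised result rather than pattern-matching on `..` is what defeats the separator and drive-prefix tricks used against WinRAR.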
Impact
- Data Theft
Indicators of Compromise
MD5
- df991217f1cfadd9acfa56f878da5ee7
- 6e80b873f781e1fcfb14fdb4b90cf5c4
- ea2a146b3297499c1d3e2b24a7689d6e
- 479fbbee11e96a6c1051204071ddfef2
SHA-256
- deb1246347ce88e8cdd63a233a64bc2090b839f2d933a3097a2fd8fd913c4112
- b9a1c2a5ed66d7d8acf7c41a44fd0534cecf86a8e673e389a4e5b01c79d29c36
- a9bf4d70ada021f2b8212502cb3e3f7373855675ac4a7fa080cedbd9e13b08fd
- 0e9337afa6d108d1f0b317f03d48195c5b163319bd9858a96081dfdfb1fd5269
SHA-1
- 0b03b34cfb2985a840db279778ca828e69813116
- 2f40c92ba59a3429d1ae6075120cf8627fda8e19
- b5af4543ca009b459872dac9adae0a0af2ca5cdf
- 13db779ca29e73b0c04866381a08f2b7afcf4e2a
Remediation
- Block the threat indicators above at their respective controls (endpoint protection, email gateway, sandbox) and sweep endpoints for files matching the listed hashes.
- Do not open email attachments, especially archives, from untrusted or unexpected senders.
- Do not download files from untrusted sources on the internet.
- Keep WinRAR updated to the latest patched version; WinRAR 5.70 and later removed the vulnerable UNACEV2.dll and no longer extract ACE archives at all.
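A host sweep against the hashes listed under Indicators of Compromise, added here as an example rather than a Rewterz tool: it walks a directory tree, computes MD5, SHA-1 and SHA-256 of every file in a single pass, and reports any file whose digest matches an indicator. The sample directory, its files and the extra digest used in `demo()` are constructed inside the script; the only real indicators are the hashes copied from this advisory.

```python
"""IOC hash sweep. Added example; sample directory and files are constructed."""
import hashlib
import os
import tempfile

# Indicators from the advisory, lower-case hex.
IOC_MD5 = {
    "df991217f1cfadd9acfa56f878da5ee7",
    "6e80b873f781e1fcfb14fdb4b90cf5c4",
    "ea2a146b3297499c1d3e2b24a7689d6e",
    "479fbbee11e96a6c1051204071ddfef2",
}
IOC_SHA1 = {
    "0b03b34cfb2985a840db279778ca828e69813116",
    "2f40c92ba59a3429d1ae6075120cf8627fda8e19",
    "b5af4543ca009b459872dac9adae0a0af2ca5cdf",
    "13db779ca29e73b0c04866381a08f2b7afcf4e2a",
}
IOC_SHA256 = {
    "deb1246347ce88e8cdd63a233a64bc2090b839f2d933a3097a2fd8fd913c4112",
    "b9a1c2a5ed66d7d8acf7c41a44fd0534cecf86a8e673e389a4e5b01c79d29c36",
    "a9bf4d70ada021f2b8212502cb3e3f7373855675ac4a7fa080cedbd9e13b08fd",
    "0e9337afa6d108d1f0b317f03d48195c5b163319bd9858a96081dfdfb1fd5269",
}


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests, reading the file once in chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def sweep(root, md5s=IOC_MD5, sha1s=IOC_SHA1, sha256s=IOC_SHA256):
    """Walk root and return [(path, algorithm, digest)] for every indicator hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                md5, sha1, sha256 = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the sweep
            for algo, digest, iocs in (("md5", md5, md5s),
                                       ("sha1", sha1, sha1s),
                                       ("sha256", sha256, sha256s)):
                if digest in iocs:
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Constructed sample: one clean file and one whose SHA-256 is added to the indicator set."""
    planted = b"MZ constructed sample, not real malware"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"benign text file")
        os.makedirs(os.path.join(root, "Startup"))
        with open(os.path.join(root, "Startup", "update.exe"), "wb") as fh:
            fh.write(planted)
        # Extend the advisory's SHA-256 set with the constructed file's digest.
        extended = IOC_SHA256 | {hashlib.sha256(planted).hexdigest()}
        return sweep(root, sha256s=extended)


if __name__ == "__main__":
    for path, algo, digest in demo():
        print(f"HIT {algo} {digest} {path}")
```

In practice the sweep would be pointed at user profile and Startup folders rather than a temporary directory, and the hit list forwarded to the SOC for triage and containment.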