Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; the Gaza Cyber Gang is suspected to be behind it. In the first stage, the victim runs a downloader, which then infects the system with the Quasar RAT. The downloader typically connects to a geolocation domain first, and only then is the RAT downloaded.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 4fc9c76cff2ebf965ea54fb8ffca9bd2
- 361ee66ffa93eda7d78eb4a5d14bfd57
SHA-256
- 65ff9604f7025d9386645cb0d7502744f0b5768dec4ff461687b92db72acd803
- 8f42439424657a1b5f08a2ec107041b5a7e01129dd40bb08fa04659b70d90567
SHA-1
- 6f287cef67bb4bde3b44968c1ee78fb035cfb986
- e8157e8283a3f8eb7390d45b98ae4d32c53ce273
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
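The sweep below is an added example, not a Rewterz tool: it walks a directory tree and reports any file whose MD5, SHA-1 or SHA-256 digest matches the hashes listed in this alert. The root directory is taken from the command line (defaulting to the current directory), and the only assumption is that the files can be read by the account running the script.

```python
"""Sweep a directory tree for files whose hash matches the indicators
listed in this alert (hash values copied from the alert above)."""
import hashlib
import os
import sys
from pathlib import Path

# Indicators of compromise from the alert, lowercase hex, keyed by algorithm.
ALERT_IOCS = {
    "md5": {"4fc9c76cff2ebf965ea54fb8ffca9bd2",
            "361ee66ffa93eda7d78eb4a5d14bfd57"},
    "sha1": {"6f287cef67bb4bde3b44968c1ee78fb035cfb986",
             "e8157e8283a3f8eb7390d45b98ae4d32c53ce273"},
    "sha256": {"65ff9604f7025d9386645cb0d7502744f0b5768dec4ff461687b92db72acd803",
               "8f42439424657a1b5f08a2ec107041b5a7e01129dd40bb08fa04659b70d90567"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for one file, computing all three digests in a
    single pass and reading in chunks so large files do not fill memory."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def sweep(root, iocs=ALERT_IOCS):
    """Walk `root` and return (path, algo, digest) for every file whose digest
    appears in `iocs`. Unreadable or vanished files are skipped, not fatal."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path)
            except OSError:
                continue  # permission denied, broken symlink, file removed mid-scan
            for algo, digest in digests.items():
                if digest in iocs.get(algo, ()):
                    hits.append((str(path), algo, digest))
    return hits


if __name__ == "__main__":
    for path, algo, digest in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {algo} {digest} {path}")
```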