Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
July 1, 2022
Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
July 1, 2022
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers for malicious purposes. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; the Gaza Cybergang group is suspected to be behind it. In the first stage, the victim installs a downloader on their operating system. The downloader typically first tries to connect to a geolocation domain, after which the Quasar RAT is downloaded and the system is infected.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.