July 25, 2022
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of users' computers for malicious purposes. A Molerats spear-phishing campaign exploiting a path traversal vulnerability in WinRAR has been discovered, and the Gaza Cybergang group is suspected to be behind it. In the first step, the victim installs a downloader on their system, which then infects it with the Quasar RAT. The downloader typically first tries to connect to a geolocation domain, after which the RAT is downloaded.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 5c3d66b3f4ec278a92dc1317955207c6
- c5c7a708e3609aa25eb6fa2d85487041
SHA-256
- 100f14bd43501076a1b9dc89bdbc702aadbe65054c05e4bdf9ad8f0000d1c699
- 8fe8b38e46e68d17dac4b49920702b2856eadd399ada052e8fbf66171335afee
SHA-1
- fec09ab5291fc2f0d13ffcd65828fefa130e318e
- 27d17e60f347a390d6c65f719179e92eb0594d7a
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
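An added example (not part of the Rewterz alert) of the second remediation step: a Python sweep that hashes each file under a directory with MD5, SHA-1 and SHA-256 and reports any file whose digest matches one of the indicators listed above. The indicator values are copied from this alert; the directory path is whatever the operator passes in.

```python
import hashlib
import os

# Indicators copied from the alert above; compared case-insensitively.
IOCS = {
    "md5": {"5c3d66b3f4ec278a92dc1317955207c6",
            "c5c7a708e3609aa25eb6fa2d85487041"},
    "sha1": {"fec09ab5291fc2f0d13ffcd65828fefa130e318e",
             "27d17e60f347a390d6c65f719179e92eb0594d7a"},
    "sha256": {"100f14bd43501076a1b9dc89bdbc702aadbe65054c05e4bdf9ad8f0000d1c699",
               "8fe8b38e46e68d17dac4b49920702b2856eadd399ada052e8fbf66171335afee"},
}


def file_hashes(data: bytes) -> dict:
    """Lowercase hex MD5, SHA-1 and SHA-256 digests of one file's contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def match_iocs(data: bytes, iocs: dict = IOCS) -> list:
    """Return the (algorithm, digest) pairs of `data` found in the indicator sets."""
    digests = file_hashes(data)
    return [(algo, digest) for algo, digest in digests.items()
            if digest in {h.lower() for h in iocs.get(algo, ())}]


def sweep_directory(root: str, iocs: dict = IOCS) -> list:
    """Walk `root` and return (path, algorithm, digest) for every file that matches.

    Files that cannot be opened (permissions, locked, removed mid-walk) are
    skipped so one bad entry does not abort the whole sweep.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            for algo, digest in match_iocs(data, iocs):
                hits.append((path, algo, digest))
    return hits
```

Each file is read whole into memory, which is fine for a targeted sweep of user and temp directories but should be chunked before pointing it at large data volumes.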