Rewterz Threat Alert – Trickbot Malware – Fresh IOCs
August 17, 2021
Rewterz Threat Advisory – CVE-2021-34407 – Zoom Remote Code Execution
August 17, 2021
August 17, 2021Rewterz Threat Advisory – CVE-2021-34407 – Zoom Remote Code Execution
August 17, 2021Severity
High
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR to deliver it; the Gaza Cybergang group is suspected to be behind the campaign. In the first stage, a downloader is installed on the victim's operating system; the downloader typically first contacts a geolocation domain and then retrieves the Quasar RAT, which infects the system.
Impact
- Data Theft
Indicators of Compromise
MD5
- 89d2f5554d0e349c0faaf9610d30e431
- 7c7b9abc93806e141f78cff75869905a
- 733fac610c6dbad46d6b9e02b14aceb3
SHA-256
- 4b8ad10cc126b55fd0ddc1a4600d7e549f7ff36a566cd9ed1a839432afa75da1
- 5f6ff81b3f1bc41a26b0006b1c721dc44e691e48d8d91e455c75efdc5c476733
- 62e3c7bae300b8efb435fa18d19200b713288bc4d26c3a111a73781b60618c4b
SHA-1
- f3b7ce3fe96ed2a78cb7632cec7cbf10f082868f
- fbf7b190b1e946c77507b1875912ea3784b4f617
- 000dbf8c161644622a63a29c98fe794f92ae193a
Remediation
- Block the threat indicators at their respective controls.
- Do not download email attachments coming from untrusted sources.
- Do not download files from untrusted or unknown sources on the internet.
- Keep WinRAR updated to the latest patched versions.
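The first remediation step, blocking the indicators, presumes you can match the advisory's hashes against files on disk or attachments in flight. The following is an added example, not code from the Rewterz advisory: it computes MD5, SHA-1 and SHA-256 for each file under a directory (or for an in-memory blob) and reports exact matches against the indicator set copied from this alert. File paths and the sample inputs are assumptions.

```python
# Added example (not part of the Rewterz advisory): hash-based IoC sweep
# using the MD5, SHA-1 and SHA-256 indicators listed in this alert.
# Assumption: files to check are on local disk; IoC values below are
# copied verbatim from the advisory; any sample data is constructed.
import hashlib
from pathlib import Path

IOC_HASHES = {
    # MD5
    "89d2f5554d0e349c0faaf9610d30e431",
    "7c7b9abc93806e141f78cff75869905a",
    "733fac610c6dbad46d6b9e02b14aceb3",
    # SHA-1
    "f3b7ce3fe96ed2a78cb7632cec7cbf10f082868f",
    "fbf7b190b1e946c77507b1875912ea3784b4f617",
    "000dbf8c161644622a63a29c98fe794f92ae193a",
    # SHA-256
    "4b8ad10cc126b55fd0ddc1a4600d7e549f7ff36a566cd9ed1a839432afa75da1",
    "5f6ff81b3f1bc41a26b0006b1c721dc44e691e48d8d91e455c75efdc5c476733",
    "62e3c7bae300b8efb435fa18d19200b713288bc4d26c3a111a73781b60618c4b",
}


def matches_ioc(data, iocs=IOC_HASHES):
    """Return the algorithm name ("md5", "sha1" or "sha256") whose digest of
    `data` is in the indicator set, or None. Exact matching only: this finds
    the listed samples, not repacked variants, so keep the WinRAR patch
    check from the remediation list alongside it."""
    wanted = {h.lower() for h in iocs}
    for algo in ("md5", "sha1", "sha256"):
        if hashlib.new(algo, data).hexdigest() in wanted:
            return algo
    return None


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root` and return [(path, algo)] for every regular file whose
    MD5, SHA-1 or SHA-256 matches an indicator. Files are read whole; for
    very large archives, hash in chunks instead."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            algo = matches_ioc(p.read_bytes(), iocs)
            if algo:
                hits.append((str(p), algo))
    return hits


if __name__ == "__main__":
    print(scan_tree("."))  # assumption: sweep the current directory
```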