Rewterz Threat Advisory – Multiple Vulnerabilities IBM Sterling Secure Proxy
August 31, 2021
Rewterz Threat Alert – Remcos RAT – Fresh IOCs
August 31, 2021
Severity
High
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers for malicious purposes. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR to deliver it. A Gaza Cybergang group is suspected to be behind the campaign. In the first stage, the victim runs a downloader on their system; the downloader typically first tries to reach a geolocation domain, and only then retrieves the Quasar RAT, which infects the host.
Impact
- Data Theft
Indicators of Compromise
MD5
- 7956213b0feb9c89bdafa46413d2e82e
- 9f32a0233e7c3a0af03479d9abf3eb49
- 1ee04769dbc6bd6c1d9bb696c846840a
- 4a03ea51e3292187084c980570ce1d3d
- 624b5682f917d426ce2a4d1ec03fb5ef
SHA-256
- f6624296b09e13669e59c25c1a1fc7ea36a546a1b3d09ff3c5a3e141d48596cf
- 1c050b87cb672d0efc2953644f8b6a197234249b95a6fa94a79f7c5000822ae0
- b484b76186c0e9c0d4f8719978a2235d0f580088562df853c837e296b1d837ed
- e0148bfe1ccc1ccda614c62b28c01a360825f97d77090a6862264c08a6d37dec
- 57f21a762965de14502e74ded173e8e81e569fa7236819c3d4ce7804fa119d50
SHA1
- 1991848a89b5f7f8414f019832db3babb5fe98eb
- 5a2f5fb924a230e11c620bf8c1ab69da05288d01
- ddb700fccdbc70c2decc3d89e046a7ea23ee47b5
- 161e8d0c018a4257a6b90f53c01ad3fdc3752573
- 379757ca4ab81f1c224ab9440a4c828286513808
Remediation
- Block all threat indicators at their respective controls.
- Search for IOCs in your environment.
- Do not download email attachments coming from untrusted sources.
- Do not download any files from random sources on the internet.
- Keep WinRAR updated to the latest patched versions.
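The remediation steps above ask you to search for the listed indicators in your environment. The following is an added example of how a defender might do that sweep; it is not a Rewterz tool and not part of the original advisory. It embeds the MD5, SHA-1 and SHA-256 values published above, hashes every file under a directory you point it at (assumed here to be a mounted share or endpoint path you are authorised to inspect) in a single read pass, and reports any file whose digest matches one of the indicators. Function and variable names are my own.

```python
"""Hash-based IoC sweep for the Quasar RAT indicators listed in this advisory.

Added example, not part of the original advisory. Assumes the directory you
pass on the command line is one you are authorised to scan.
"""
import hashlib
import os
import sys
from typing import Dict, List, Set, Tuple

# Indicators copied from the advisory above, stored lower-case so that
# matching is case-insensitive regardless of how the digest was produced.
IOC_MD5: Set[str] = {
    "7956213b0feb9c89bdafa46413d2e82e",
    "9f32a0233e7c3a0af03479d9abf3eb49",
    "1ee04769dbc6bd6c1d9bb696c846840a",
    "4a03ea51e3292187084c980570ce1d3d",
    "624b5682f917d426ce2a4d1ec03fb5ef",
}
IOC_SHA1: Set[str] = {
    "1991848a89b5f7f8414f019832db3babb5fe98eb",
    "5a2f5fb924a230e11c620bf8c1ab69da05288d01",
    "ddb700fccdbc70c2decc3d89e046a7ea23ee47b5",
    "161e8d0c018a4257a6b90f53c01ad3fdc3752573",
    "379757ca4ab81f1c224ab9440a4c828286513808",
}
IOC_SHA256: Set[str] = {
    "f6624296b09e13669e59c25c1a1fc7ea36a546a1b3d09ff3c5a3e141d48596cf",
    "1c050b87cb672d0efc2953644f8b6a197234249b95a6fa94a79f7c5000822ae0",
    "b484b76186c0e9c0d4f8719978a2235d0f580088562df853c837e296b1d837ed",
    "e0148bfe1ccc1ccda614c62b28c01a360825f97d77090a6862264c08a6d37dec",
    "57f21a762965de14502e74ded173e8e81e569fa7236819c3d4ce7804fa119d50",
}

# Indicator sets keyed by the hashlib algorithm name used to produce them.
IOCS: Dict[str, Set[str]] = {"md5": IOC_MD5, "sha1": IOC_SHA1, "sha256": IOC_SHA256}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass over its bytes.

    Reading once and feeding all three digests avoids re-reading large files
    for each indicator family.
    """
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def match_digests(digests: Dict[str, str], iocs: Dict[str, Set[str]] = IOCS) -> List[str]:
    """Return the indicator families (e.g. ["sha256"]) whose set contains a digest."""
    return [algo for algo, value in digests.items() if value.lower() in iocs.get(algo, set())]


def scan_directory(root: str, iocs: Dict[str, Set[str]] = IOCS) -> List[Tuple[str, List[str]]]:
    """Walk `root` recursively and return (path, matched_families) for every hit.

    Files that cannot be read (permissions, vanished during the walk) are
    skipped rather than aborting the sweep, so a single locked file does not
    hide matches elsewhere.
    """
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matched = match_digests(digests, iocs)
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, families in scan_directory(target):
        print(f"MATCH {hit_path} ({', '.join(families)})")
```

Run it as `python ioc_sweep.py /path/to/inspect`; a match on any one family is enough to flag the file, and the output names which family matched so the result can be cross-checked against the advisory before the file is quarantined.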