September 3, 2021
Severity
High
Analysis Summary
Quasar is an open-source Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; Molerats is also tracked as Gaza Cybergang, and that group is suspected to be behind the campaign. The infection chain has two stages. First, the malicious archive, once extracted with a vulnerable WinRAR build, delivers a downloader onto the victim's system. The downloader typically contacts a geolocation domain first and then retrieves the Quasar RAT, which gives the operators remote control of the host.
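The archive path traversal that the campaign relies on works by giving an archive entry a file name that escapes the directory the user extracts into. The following is an added example, not code from the original alert or from WinRAR, that triages archive entry names the way a safe extractor should. The extraction directory and the entry list are constructed for illustration; the Startup-folder entry is an assumption about where such a downloader would be planted, not an observed sample.

```python
"""Added example: flag archive entry names that would escape the extraction
directory, the behaviour behind the WinRAR path traversal abused here.
Entry names below are constructed for illustration, not taken from a sample."""
import ntpath

# Constructed entries: one benign file and four that a safe extractor must refuse.
SAMPLE_ENTRIES = [
    "invoice.pdf",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"C:\Windows\Temp\update.exe",
    r"\\fileserver\share\update.exe",
    r"\ProgramData\update.exe",
]

EXTRACT_DIR = r"C:\Users\victim\Downloads\extract"  # assumed extraction directory


def classify_entry(name):
    """Return a reason the entry is unsafe, or None if it is a plain relative path.
    Uses Windows path rules (ntpath) so it behaves the same on any host."""
    win = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(win)
    if drive:                       # C:..., C:\..., or \\server\share\...
        return "drive or UNC prefix"
    if rest.startswith("\\"):       # rooted on the current drive
        return "rooted path"
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    if ".." in parts:               # climbs out of the extraction directory
        return "parent directory reference"
    return None


def resolved_target(extract_dir, name):
    """Second, independent check: resolve the entry against the extraction
    directory and accept it only if the result still lies inside it."""
    root = ntpath.normpath(extract_dir).lower()
    target = ntpath.normpath(ntpath.join(extract_dir, name.replace("/", "\\")))
    if target.lower() == root or target.lower().startswith(root + "\\"):
        return target
    return None


def triage(entries, extract_dir=EXTRACT_DIR):
    """Return [(entry, verdict)] where verdict is None for entries safe to extract."""
    results = []
    for entry in entries:
        reason = classify_entry(entry)
        if reason is None and resolved_target(extract_dir, entry) is None:
            reason = "resolves outside extraction directory"
        results.append((entry, reason))
    return results


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE_ENTRIES):
        print(f"{'REFUSE' if verdict else 'ok    '} {entry}  {verdict or ''}")
```

Both checks are kept because they fail differently: the name classifier is cheap and explains why an entry is rejected, while the resolve-and-compare check is what actually guarantees the written path stays under the extraction directory, regardless of how the traversal is spelled.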
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- ad475f2552ea64ec3908548c88a19f56
- 5ce35d81fceeb1a156ddd57d78c54566
- 28f2c950438f1edf128038754d26d616
SHA-256
- 4051789f81b5f83ff9e5a5b2fd0521e6fc49b620a14b6c0b962e33f199091f1a
- 6e96727907744c67221408da9a82e00590364033d8fc2abaca35a12591f8673b
- 87a196b0adbd5dcc78872d2666f4207f736c532d62bd6287890e7d0adc590b59
SHA-1
- 510be7f49ae1c3228e132e2a99edbe86df7e4a5a
- 6302e1402a702f9019e77ccd82e79074f0177607
- 2b8a82c98c670ea2bc0b46e3fbe5d110a2328961
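The indicators above are file hashes, so the practical check is a hash sweep of the hosts and shares that could have received the archive. The script below is an added example, not Rewterz tooling: it embeds the MD5, SHA-1 and SHA-256 values from this alert, hashes every file under a directory tree in one pass, and reports matches. The scratch directory and stand-in file in `demo()` are constructed so the logic can be exercised without a real sample on disk.

```python
"""Added example: hash every file under a directory tree and report matches
against the MD5 / SHA-1 / SHA-256 indicators listed in this alert."""
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the alert above.
IOC_HASHES = {
    "md5": {
        "ad475f2552ea64ec3908548c88a19f56",
        "5ce35d81fceeb1a156ddd57d78c54566",
        "28f2c950438f1edf128038754d26d616",
    },
    "sha1": {
        "510be7f49ae1c3228e132e2a99edbe86df7e4a5a",
        "6302e1402a702f9019e77ccd82e79074f0177607",
        "2b8a82c98c670ea2bc0b46e3fbe5d110a2328961",
    },
    "sha256": {
        "4051789f81b5f83ff9e5a5b2fd0521e6fc49b620a14b6c0b962e33f199091f1a",
        "6e96727907744c67221408da9a82e00590364033d8fc2abaca35a12591f8673b",
        "87a196b0adbd5dcc78872d2666f4207f736c532d62bd6287890e7d0adc590b59",
    },
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def validate_iocs(iocs=IOC_HASHES):
    """Catch copy/paste damage before a sweep: every hash must be lowercase hex
    of the right length for its algorithm."""
    for algo, digests in iocs.items():
        for d in digests:
            if len(d) != HEX_LENGTHS[algo] or any(c not in "0123456789abcdef" for c in d):
                return False
    return True


def hash_file(path, chunk_size=1 << 20):
    """Compute all three digests in one pass so large files are read only once."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LENGTHS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def sweep(root, iocs=IOC_HASHES):
    """Walk `root` and return [(path, [matching algorithms], digests)] for hits.
    Unreadable files (locked, permission denied) are skipped rather than fatal."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matched = [algo for algo, d in digests.items() if d in iocs.get(algo, ())]
            if matched:
                hits.append((path, matched, digests))
    return hits


def demo():
    """Constructed demonstration (no real sample on disk): build a scratch tree
    with a benign file and a stand-in dropper, add the stand-in's SHA-256 to a
    copy of the IOC set, and confirm only that file is reported."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "readme.txt").write_bytes(b"benign content\n")
        stand_in = Path(tmp) / "Startup" / "update.exe"
        stand_in.parent.mkdir()
        stand_in.write_bytes(b"constructed stand-in for the downloader, not malware\n")
        iocs = {algo: set(d) for algo, d in IOC_HASHES.items()}
        iocs["sha256"].add(hash_file(stand_in)["sha256"])
        return [
            (os.path.relpath(path, tmp).replace(os.sep, "/"), matched)
            for path, matched, _ in sweep(tmp, iocs)
        ]


if __name__ == "__main__":
    import sys
    assert validate_iocs(), "malformed indicator list"
    for path, matched, digests in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"HIT {path} via {','.join(matched)} sha256={digests['sha256']}")
```

Run it as `python sweep.py <directory>` on user profiles, download folders and file shares; any hit should be treated as a confirmed match and the host isolated, since hash matches on these indicators do not produce false positives.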
Remediation
- Block all threat indicators at their respective controls (mail gateway, web proxy, endpoint protection).
- Search for the hashes above across endpoints and file servers.
- Do not open email attachments from untrusted sources, particularly archive files.
- Do not download files from untrusted sources on the internet.
- Keep WinRAR updated to the latest patched version, which closes the path traversal abused in this campaign.