
Rewterz Threat Alert – Quasar RAT – Active IOCs

September 6, 2021

Severity

Medium

Analysis Summary

Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. This alert covers a Molerats spear-phishing campaign that exploits a path traversal vulnerability in WinRAR, which lets a crafted archive write files outside the directory the user extracts to. Molerats is also tracked as Gaza Cybergang, and that group is suspected to be behind the campaign. Infection runs in two stages: extracting the malicious archive plants a downloader on the victim's system, and the downloader then fetches and installs the Quasar RAT. The downloader typically contacts a geolocation domain first, presumably to profile the victim, before retrieving the RAT.

Impact

  • Data Theft
  • Exposure of Sensitive Data

Indicators of Compromise

MD5

  • 4ef1927705d28faf8456c200397d0af6
  • b6c5e59a9f59dfd0b73d59671b691421
  • 62599714704819263c9eb56fb5ee7963
  • b5532f3c41be25db7c75f4cab0312ed4
  • 876778d1fa5b67e4adf3a085c1579743
  • 59484142297295b43dad865a0b57862d
  • 33e89c491e8377e0f0a75c8c610047c9
  • a4c580412aa4aa617bdb1e32f407e950

SHA-256

  • cd5a8de963a29d07bb003a8d03fa7ba38e5004641fe8138885c967db46bef0fc
  • 3fb8ef0e57d3cbad82483cba016a1380698f2efca89d80d29d2cfab35b5c5cce
  • c9f3809e03b16e882045d60098de50368ec918f1ebf62ef620269b847cc05bcf
  • 209bc147912ee7526795ad19a9ee2bcd2a173528fb7106a224e899d2ff703c56
  • ad75284df4f8f435046b71ba271cd8980dc041ffaaac9e1c80df5c2e8210aa09
  • bf4d2ebcd94f97f4b6955d24837ba651e5318e71a37054e3014d65e3f93d750c
  • 186c6d9436fede48c161c51f7abe10e254659389ef9a2b0b4c780b99e3a8d2e1
  • 628fa0100b8c459a19cf05694b43056189dfd7b30f66f6502412bbebc7bfa483

SHA-1

  • b92ab805e7c2884abcf371179b0d8989c4f90025
  • 71b745e90a56697062984e2c3d96f83395a62d64
  • 7ec38fcc6807f09b428e6ea1fcd6fb6b5d6e61eb
  • d0dd55df3e72d499aa70742943e22801d2ed2606
  • 343c3f047ad208b86312862a200f74fb3beabaa9
  • 02c530a67504ddb166a99cd1d48d8f8e60f81a12
  • a9006b70f4a53ba5ce01d50045a158e232fb7834
  • 768c47134896638676682fb3ad6da715c4f95a17

Remediation

  • Block all threat indicators at their respective controls (the file hashes above belong on your EDR/antivirus blocklists).
  • Search for the IOCs in your environment. Note that file hashes change with every rebuild of the malware, so a clean sweep does not by itself rule out infection; check for unexpected persistence entries and outbound connections from hosts that opened the phishing attachment.
  • Do not download or extract email attachments coming from untrusted sources.
  • Do not download files from random sources on the internet.
  • Keep WinRAR updated to the latest patched version, since the campaign depends on the path traversal vulnerability being present.
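The "search for IOCs in your environment" step above, as an added example (this is not Rewterz tooling): a small Python sweep that hashes every regular file under a directory with MD5, SHA-1 and SHA-256 in a single pass and reports any file whose digest appears in the indicator set. The indicator values are copied from the lists above; the function names, the `demo()` self-check and its sample file are assumptions made for the example.

```python
"""Hash-based IOC sweep for the Quasar RAT indicators in this advisory.

Added example, not Rewterz tooling. Hashes every regular file under a
directory with MD5, SHA-1 and SHA-256 and reports files whose digest is in
the indicator set. The IOC values are copied from the advisory; the function
names and the demo's sample file are illustrative.
"""
import hashlib
import os
import tempfile

# Indicators copied from the advisory above (lower-case hex).
IOCS = {
    "md5": {
        "4ef1927705d28faf8456c200397d0af6", "b6c5e59a9f59dfd0b73d59671b691421",
        "62599714704819263c9eb56fb5ee7963", "b5532f3c41be25db7c75f4cab0312ed4",
        "876778d1fa5b67e4adf3a085c1579743", "59484142297295b43dad865a0b57862d",
        "33e89c491e8377e0f0a75c8c610047c9", "a4c580412aa4aa617bdb1e32f407e950",
    },
    "sha1": {
        "b92ab805e7c2884abcf371179b0d8989c4f90025", "71b745e90a56697062984e2c3d96f83395a62d64",
        "7ec38fcc6807f09b428e6ea1fcd6fb6b5d6e61eb", "d0dd55df3e72d499aa70742943e22801d2ed2606",
        "343c3f047ad208b86312862a200f74fb3beabaa9", "02c530a67504ddb166a99cd1d48d8f8e60f81a12",
        "a9006b70f4a53ba5ce01d50045a158e232fb7834", "768c47134896638676682fb3ad6da715c4f95a17",
    },
    "sha256": {
        "cd5a8de963a29d07bb003a8d03fa7ba38e5004641fe8138885c967db46bef0fc",
        "3fb8ef0e57d3cbad82483cba016a1380698f2efca89d80d29d2cfab35b5c5cce",
        "c9f3809e03b16e882045d60098de50368ec918f1ebf62ef620269b847cc05bcf",
        "209bc147912ee7526795ad19a9ee2bcd2a173528fb7106a224e899d2ff703c56",
        "ad75284df4f8f435046b71ba271cd8980dc041ffaaac9e1c80df5c2e8210aa09",
        "bf4d2ebcd94f97f4b6955d24837ba651e5318e71a37054e3014d65e3f93d750c",
        "186c6d9436fede48c161c51f7abe10e254659389ef9a2b0b4c780b99e3a8d2e1",
        "628fa0100b8c459a19cf05694b43056189dfd7b30f66f6502412bbebc7bfa483",
    },
}

CHUNK = 1 << 20  # hash in 1 MiB chunks so large files are not read into memory at once


def hashes_of_bytes(data: bytes) -> dict:
    """Return {algo: hexdigest} for an in-memory byte string."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def hashes_of_file(path: str) -> dict:
    """Return {algo: hexdigest} for a file, computing all three in one pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(digests: dict, iocs: dict = IOCS) -> list:
    """Return [(algo, hexdigest)] for every digest present in the IOC set (case-insensitive)."""
    return [(algo, d.lower()) for algo, d in digests.items()
            if d.lower() in iocs.get(algo, set())]


def scan_tree(root: str, iocs: dict = IOCS) -> list:
    """Walk root; return [(path, algo, hexdigest)] for every IOC hit.

    Symlinks and unreadable files (permission denied, vanished mid-walk) are
    skipped so one bad entry does not abort the sweep."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hashes_of_file(path)
            except OSError:
                continue
            hits.extend((path, algo, d) for algo, d in match_hashes(digests, iocs))
    return hits


def demo() -> list:
    """Offline self-check: plant a constructed (harmless) file and sweep for its
    own SHA-256, returning hits as [(relative path, algo, hexdigest)]."""
    sample = b"constructed sample file, not malware\n"  # made-up content for the demo
    custom_iocs = {"sha256": {hashlib.sha256(sample).hexdigest()}}
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "sub", "dropper.bin"), "wb") as fh:
            fh.write(sample)
        with open(os.path.join(tmp, "benign.txt"), "wb") as fh:
            fh.write(b"nothing to see here\n")
        return [(os.path.relpath(p, tmp), a, d) for p, a, d in scan_tree(tmp, custom_iocs)]


if __name__ == "__main__":
    import sys
    for path, algo, digest in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"HIT {algo} {digest} {path}")
```

Run it as `python sweep.py C:\Users` (or any directory) on a suspect host; every line printed is a file whose hash matches one of the advisory's indicators. Because a single rebuilt sample defeats hash matching, treat a sweep with no hits as one data point alongside persistence and network checks, not as a clean bill of health.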
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.