Rewterz Threat Alert – Vidar Malware – Active IOCs
September 13, 2021
Rewterz Threat Alert – Remcos RAT – Active IOCs
September 13, 2021
Severity
Medium
Analysis Summary
Quasar is an open-source Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR: a crafted archive makes the extractor write a file outside the directory the user chose for extraction. Molerats is also tracked as Gaza Cybergang, and that group is suspected to be behind the campaign. The infection proceeds in two stages. First the victim runs a downloader, which typically contacts a geolocation-lookup domain before fetching the second stage; the downloader then retrieves and installs the Quasar RAT.
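The path traversal described above is a property of the archive, not of the payload, so it can be caught before extraction by inspecting entry names. The following is an added example, not code from the Rewterz alert: Python's standard library has no RAR/ACE reader, so it uses ZIP (zipfile) as a stand-in to show the same class of check, which generalizes to any archive format whose entry names can carry ".." components, absolute paths or drive letters. The archive and its entry names are constructed in memory for the demo.

```python
"""Flag archive entries that would escape the extraction directory.

Added example (not from the alert). WinRAR's flaw lives in its own
archive handling; ZIP is used here only because the standard library
can build and read it. The check itself is format-agnostic: walk the
entry name, and refuse anything that climbs above the extraction root.
"""
import io
import zipfile
from pathlib import PurePosixPath, PureWindowsPath


def is_traversal(entry_name):
    """Return True if extracting entry_name would land outside the chosen directory.

    Backslashes are normalised to '/', because archives built on Windows
    can carry either separator, and a drive letter or a leading '/' is
    treated as an absolute path (always outside the extraction root).
    """
    if PureWindowsPath(entry_name).drive:          # e.g. 'C:\\Users\\...'
        return True
    name = entry_name.replace("\\", "/")
    if name.startswith("/"):
        return True
    depth = 0
    for part in PurePosixPath(name).parts:
        if part == "..":
            depth -= 1
            if depth < 0:                          # climbed above the root
                return True
        elif part not in ("", "."):
            depth += 1
    return False


def suspicious_entries(archive_bytes):
    """Return the names of all ZIP entries that would escape the extraction dir."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [n for n in zf.namelist() if is_traversal(n)]


def build_demo_archive():
    """Constructed sample: one benign entry plus two entries written the way
    archive path-traversal exploits place a dropper at an attacker-chosen path.
    The names and contents are made up for this demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 harmless placeholder")
        zf.writestr("..\\..\\Users\\Public\\dropper.exe", b"MZ placeholder")
        zf.writestr("C:\\Users\\Public\\dropper2.exe", b"MZ placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_entries(build_demo_archive()):
        print("would escape extraction dir:", name)
```

Run the check on an archive before handing it to any extractor; a single flagged entry is reason enough to quarantine the whole file, since the benign-looking entries are usually just the lure.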
Impact
- Remote control of the compromised host
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 17f8f314529c45651e0e987c36a61231
- 763219de0d4f42f844c1e7ab0fe81694
SHA-256
- 360b4a666ae4236292bdd931b283ef63ad649bf03010ea81306c4739b56cc20a
- a4c1eb613f0d180ffd0c0320846570a73408c0a4c327281195887a3ef8471615
SHA-1
- 0a4e25f5258a23ed00e0c218f802c2c69aa75d09
- 657a2061d0bcffa65be1378a98a45a465cb972de
Remediation
- Block all threat indicators at their respective controls (endpoint protection, web proxy, mail gateway).
- Search for the above hashes across endpoints and file servers in your environment.
- Update WinRAR to a version that is not affected by the path traversal vulnerability.
- Treat archive attachments in unsolicited e-mail as suspect; the campaign is delivered by spear-phishing.
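The remediation step "search for IOCs in your environment" is, for hash indicators, a sweep of the file system. The following is an added example, not part of the Rewterz alert: it hashes every file under a root once with MD5, SHA-1 and SHA-256 in a single streaming pass and reports any match against the alert's hash set. The hash values are copied from the alert; the temporary directory, file names and file contents in the demo are constructed and are not real malware.

```python
"""Sweep a directory tree for files matching the alert's hash IOCs.

Added example (not from the alert). One read per file feeds all three
digests, so large files and slow disks cost the same as a single hash.
"""
import hashlib
import os
import tempfile

# Hash indicators published in the alert, lower-case to match hexdigest().
ALERT_IOCS = {
    "md5": {
        "17f8f314529c45651e0e987c36a61231",
        "763219de0d4f42f844c1e7ab0fe81694",
    },
    "sha1": {
        "0a4e25f5258a23ed00e0c218f802c2c69aa75d09",
        "657a2061d0bcffa65be1378a98a45a465cb972de",
    },
    "sha256": {
        "360b4a666ae4236292bdd931b283ef63ad649bf03010ea81306c4739b56cc20a",
        "a4c1eb613f0d180ffd0c0320846570a73408c0a4c327281195887a3ef8471615",
    },
}


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass over its bytes."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def sweep(root, iocs=ALERT_IOCS):
    """Walk root and return a list of (path, algorithm, hash) for every IOC hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it, do not abort the sweep
            for algo, value in digests.items():
                if value in iocs.get(algo, ()):
                    hits.append((path, algo, value))
    return hits


def demo():
    """Constructed demo: a temp tree with one benign file and one placeholder
    'dropper' whose SHA-256 is added to a copy of the IOC set, so the sweep
    produces exactly one hit. Returns [(relative path, algorithm)]."""
    with tempfile.TemporaryDirectory() as root:
        benign = os.path.join(root, "notes.txt")
        with open(benign, "wb") as fh:
            fh.write(b"meeting notes, nothing to see")
        sample = os.path.join(root, "sub", "dropper.exe")
        os.makedirs(os.path.dirname(sample))
        with open(sample, "wb") as fh:
            fh.write(b"MZ constructed placeholder, not real malware")
        iocs = {algo: set(values) for algo, values in ALERT_IOCS.items()}
        iocs["sha256"].add(hash_file(sample)["sha256"])   # simulate a known-bad file
        hits = sweep(root, iocs)
        return [(os.path.relpath(path, root), algo) for path, algo, _ in hits]


if __name__ == "__main__":
    for path, algo in demo():
        print("IOC hit:", path, "via", algo)
```

Point sweep() at user profile and temp directories first; matching on all three algorithms covers the case where an incident report only published one of them.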