Rewterz Threat Alert – Malspam pushing Quasar RAT

September 25, 2019

Severity

Medium

Analysis Summary

Quasar is a publicly available Remote Access Tool (RAT) for Windows hosts. This RAT is being distributed as malware through malicious spam (malspam). The malspam is invoice-themed and poses as coming from Emirates Industrial City. Below is a screenshot of the email from the ISC institute.


Impact

  • Unauthorized Access
  • Remote Code Execution

Indicators of Compromise

IP(s) / Hostname(s)

  • 192[.]3[.]204[.]194
  • 45[.]74[.]60[.]135

URLs


Email Address

  • tpwilkins[@]yahoo[.]co[.]jp
  • alsaqr3[@]eim.ae

Email Subject

  • Hello [Target’s name] Urgent Account details confirmation for payment

Malware Hash (MD5/SHA1/SHA256)


Remediation

  • Block the threat indicators at their respective controls.
  • Do not download email attachments coming from untrusted sources.
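To act on the first remediation item, the defanged indicators above have to be refanged and routed to the right control (firewall, proxy, mail gateway, EDR). The script below is an added example, not part of the advisory; it implements the advisory's defanging conventions ("[.]", "[:]", "[@]", "hxxp") and runs on constructed sample indicators, not the page's real IoCs.

```python
import re
from collections import defaultdict

# Defanging conventions used in this advisory: "[.]" for ".", "[:]" for ":",
# "[@]" for "@", and "hxxp"/"hxxps" in place of the URL scheme.
DEFANG_MAP = [("[.]", "."), ("[:]", ":"), ("[@]", "@")]
HEX = r"[0-9a-fA-F]"

def refang(indicator: str) -> str:
    """Restore a defanged indicator to its real form so a control can match it."""
    s = indicator.strip()
    for defanged, real in DEFANG_MAP:
        s = s.replace(defanged, real)
    return re.sub(r"^hxx(ps?)://", r"htt\1://", s, flags=re.IGNORECASE)

def classify(indicator: str) -> str:
    """Bucket a refanged indicator by the control that should block it."""
    if re.fullmatch(rf"{HEX}{{32}}|{HEX}{{40}}|{HEX}{{64}}", indicator):
        return "hash"      # MD5 / SHA1 / SHA256 -> EDR or AV blocklist
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", indicator):
        return "ip"        # firewall
    if "@" in indicator:
        return "email"     # mail gateway sender block
    if re.match(r"https?://", indicator, re.IGNORECASE):
        return "url"       # web proxy
    return "domain"        # DNS sinkhole / proxy

def build_blocklists(raw_indicators):
    """Refang and group indicators; duplicates are dropped, order is kept."""
    buckets = defaultdict(list)
    for raw in raw_indicators:
        real = refang(raw)
        bucket = classify(real)
        if real not in buckets[bucket]:
            buckets[bucket].append(real)
    return dict(buckets)

# Constructed sample indicators in the advisory's defanged style
# (documentation-range values, not the page's real IoCs).
SAMPLE = [
    "203[.]0[.]113[.]10",
    "hxxp[:]//www[.]example[.]com/126/invoice1[.]exe",
    "mail[.]example[.]net",
    "sender[@]example[.]org",
    "d41d8cd98f00b204e9800998ecf8427e",
    "203[.]0[.]113[.]10",   # duplicate, dropped by build_blocklists
]

if __name__ == "__main__":
    for kind, values in build_blocklists(SAMPLE).items():
        print(kind, values)
```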