Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
March 22, 2022
Rewterz Threat Alert – Serpent Backdoor – Active IOCs
March 22, 2022
Severity
Medium
Analysis Summary
W32/Shodi-F – a virus targeting the Windows platform – seeks to infect all files with the EXE extension, except for specific Windows system files. W32/Shodi-F specifically targets the Scandskw.exe, Winmine.exe, Sol.exe, Pbrush.exe, and Notepad.exe files in the Windows folder. It then creates a thread to look for additional EXE files on the system, including on any network shares open to the infected host. W32/Shodi-F drops Troj/Remadm-C, a remote administration Trojan, and also drops a JPG file into the Windows system folder with the filename USR_Shohdi_Photo_USR.jpg.
Impact
- Information Theft
- Credential Theft
Indicators of Compromise
MD5
- 2a505684e0fc7413e2de69fcf60acc9b
- aad9f75d000df7cec58ce32434d8cd6a
SHA-256
- 9cc924dfdab2c3d911d9eaa250ae8b2e46b187e91b07580fc1d2cfc668ddf213
- f42255bfdcb9127a33078a66991c7fa8f89e0bad5ac12eabc0196b96b9a191cc
SHA-1
- af03fb5628b62de675c6c95fe7a72d2e25108902
- c3f7424dc8688d05fa27dee392548f504c65bf81
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
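A small IOC sweep for the hashes and the dropped-file name in this alert, as an added example rather than code from Rewterz: it hashes every file under a directory, compares the digests against the MD5/SHA-1/SHA-256 values listed above, and flags the USR_Shohdi_Photo_USR.jpg artefact by name. The IOC sets are parameters so the sweep can be run against an extended list; any sample inputs used to exercise it are constructed.

```python
import hashlib
from pathlib import Path

# Hashes exactly as listed in the alert above (lowercase hex).
IOC_MD5 = {"2a505684e0fc7413e2de69fcf60acc9b", "aad9f75d000df7cec58ce32434d8cd6a"}
IOC_SHA1 = {"af03fb5628b62de675c6c95fe7a72d2e25108902",
            "c3f7424dc8688d05fa27dee392548f504c65bf81"}
IOC_SHA256 = {"9cc924dfdab2c3d911d9eaa250ae8b2e46b187e91b07580fc1d2cfc668ddf213",
              "f42255bfdcb9127a33078a66991c7fa8f89e0bad5ac12eabc0196b96b9a191cc"}
# Name of the JPG the alert says W32/Shodi-F drops into the Windows system folder.
DROPPED_JPG = "usr_shohdi_photo_usr.jpg"


def hash_bytes(data: bytes):
    """Return (md5, sha1, sha256) hex digests of a byte string."""
    return tuple(h(data).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256))


def classify(name, data, md5s=IOC_MD5, sha1s=IOC_SHA1, sha256s=IOC_SHA256):
    """Return the reasons a file (name + contents) matches the alert; [] means no match.
    The IOC sets are parameters so a sweep can be run against a different or extended list."""
    reasons = []
    if name.lower() == DROPPED_JPG:            # filename artefact, whatever its contents
        reasons.append("dropped artefact filename")
    for label, digest, known in zip(("md5", "sha1", "sha256"), hash_bytes(data),
                                    (md5s, sha1s, sha256s)):
        if digest in known:
            reasons.append(f"{label} matches alert IOC {digest}")
    return reasons


def scan_tree(root, **ioc_sets):
    """Walk a directory tree; return {path: reasons} for every file that matches.
    Files are read whole, which is fine for EXE/JPG-sized artefacts."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            reasons = classify(path.name, path.read_bytes(), **ioc_sets)
        except OSError:
            continue   # locked or unreadable file: skip it rather than abort the sweep
        if reasons:
            hits[str(path)] = reasons
    return hits
```

Run `scan_tree` against the Windows folder and the Windows system folder first, since those are the locations the alert names for the targeted EXEs and the dropped JPG.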