Severity
High
Analysis Summary
CryptBot is Windows malware that steals credentials for browsers, cryptocurrency wallets, browser cookies and credit cards, and takes screenshots of the infected system. CryptBot hides inside legitimate-looking software so that victims install it themselves. Its operators spread the malware via websites purportedly offering software cracks, key generators or other tools. To gain widespread visibility, they use search engine optimization to push these distribution sites towards the top of Google search results, producing a steady stream of potential victims. It also spreads through a fake VPN client called Inter VPN: when executed, it infects the system with CryptBot and Vidar, which then run an AutoHotKey script that downloads further executables from malicious websites.
Impact
- Credential Theft
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- f2d0f8587dccc2528412e0e8e0f35cc1
SHA-256
- 46c8d04c28e274e8e1c1d91f3522a2f354e27cc26da67adabcefce8cc0371807
SHA-1
- 1a99909b56881829cc03cf2430b64a6f70a83633
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
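As an added example (not part of the original alert), the following Python sweep implements the "Search for IOCs in your environment" step using the three hashes listed above; the scanned directory, file names and file contents in the demo are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# File hashes taken from the alert's Indicators of Compromise section.
CRYPTBOT_IOCS = {
    "md5": {"f2d0f8587dccc2528412e0e8e0f35cc1"},
    "sha1": {"1a99909b56881829cc03cf2430b64a6f70a83633"},
    "sha256": {"46c8d04c28e274e8e1c1d91f3522a2f354e27cc26da67adabcefce8cc0371807"},
}

def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single streamed pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def match_iocs(digests, iocs=CRYPTBOT_IOCS):
    """Return the algorithms (sorted) whose digest for this file is on the IOC list."""
    return sorted(algo for algo, d in digests.items() if d.lower() in iocs.get(algo, ()))

def scan_directory(root, iocs=CRYPTBOT_IOCS):
    """Walk `root` and return (path, algorithm) for every file matching an IOC hash."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file (permissions, locked); skip, don't abort the sweep
            hits.extend((path, algo) for algo in match_iocs(digests, iocs))
    return hits

def demo_scan():
    """Constructed demo: one benign file plus one file whose real MD5 we add to a copy of the IOC set."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "readme.txt").write_bytes(b"nothing to see here")
        suspect = Path(tmp) / "setup_crack.exe"
        suspect.write_bytes(b"constructed sample, not real malware")
        iocs = {k: set(v) for k, v in CRYPTBOT_IOCS.items()}
        iocs["md5"].add(hash_file(suspect)["md5"])
        return [(os.path.basename(p), algo) for p, algo in scan_directory(tmp, iocs)]

if __name__ == "__main__":
    print(demo_scan())
```

A hash match only identifies this exact build, so treat a hit as the starting point for a wider investigation of the host rather than as the full scope of the compromise.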