Rewterz Threat Advisory – Kraken Cryptor Ransomware deceiving as SuperAntiSpyware Security Program

September 17, 2018

A recent version, Kraken Cryptor 1.5, poses as the SuperAntiSpyware program to manipulate users into installing it.

IMPACT: CRITICAL

PUBLISH DATE: 17-09-2018

OVERVIEW:

August 2018 saw the advent of a newer ransomware called Kraken Cryptor, whose latest version, Kraken Cryptor 1.5, masquerades as the legitimate SuperAntiSpyware anti-malware program so that users may be tricked into installing it. Once files are encrypted, there is no free way of decrypting them.

ANALYSIS:

The incident began when someone with malicious intent gained access to the superantispyware.com site and distributed the ransomware from there.

The Kraken Cryptor installer spotted on VirusTotal was named SUPERAntiSpywares.exe, an imitation of the legitimate SuperAntiSpyware filename with an additional "s". The malicious executable has since been removed from the website. Beyond the filename, the ransomware also uses the SuperAntiSpyware icon.

Users who were redirected to the SUPERAntiSpywares.exe executable and installed it found their files encrypted. The ransomware carries an embedded configuration file, which is easily extracted, that details its modules and whether each is enabled, the processes to stop, the public encryption key, contact emails, ransom prices, the extensions to encrypt, the files and folders to skip, the countries and languages that will not be encrypted, and more.

A portion of this configuration is given below.

  • The ransomware creates a file called C:\ProgramData\Safe.exe and executes it.
  • This program enumerates all the Event Viewer logs and redirects the output to the C:\ProgramData\EventLog.txt file.
  • The program then clears every log listed in EventLog.txt.
  • Kraken Cryptor also checks the victim's language and location, and will not encrypt computers whose language or location belongs to Armenia, Azerbaijan, Belarus, Estonia, Georgia, Iran, Kyrgyzstan, Kazakhstan, Lithuania, Latvia, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, or Brazil.
  • Processes that would block file encryption by keeping databases open are then terminated.

These include:

agntsvcagntsvc, agntsvcencsvc, agntsvcisqlplussvc, dbeng50, dbsnmp, firefoxconfig, msftesql, mydesktopqos, mydesktopservice, mysqld, mysqld-nt, mysqld-opt, ocomm, ocssd, oracle, sqbcoreservice, sqlagent, sqlbrowser, sqlservr, sqlwriter, sqlwb, synctime, tbirdconfig, and xfssvccon

  • After terminating these processes, the ransomware scans for and encrypts files with the following extensions.

  • The ransomware also downloads SDelete from the Sysinternals site and executes a batch file called release.bat, which uses SDelete to overwrite all free space on the drive with zeros so that file recovery becomes harder, and then cleans up SDelete itself.
  • It also shuts the computer down, disables Windows startup recovery, deletes Windows backups, and deletes shadow volume copies. In rare cases the shadow volume copies can still be recovered and used as a backup.

INDICATORS OF COMPROMISE

Hash:

  • SHA256: 9c88c66f44eba049dcf45204315aaf8ba1e660822f9e97aec51b1c305f5fdf14

Files:

  • C:\ProgramData\Safe.exe
  • C:\ProgramData\EventLog.txt
  • # How to Decrypt Files.html (the ransom note, dropped in every folder)

The ransom note contains a unique victim key and instructions on how to pay a 0.125 bitcoin ransom.

Associated emails:

  • shortmangnet@420blaze.it
  • BM-2cUEkUQXNffBg89VwtZi4twYiMomAFzy6o@bitmessage.ch
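
The indicators and behaviours above, turned into a small triage check over endpoint telemetry, as an added example that is not part of the original advisory: the hash, file paths, imposter filename and ransom-note name come from the advisory, while the pipe-delimited log format, the event type names and the sample events are constructed for illustration.

```python
from collections import defaultdict
# Indicators taken from the advisory text (hash, dropped files, ransom-note name).
KRAKEN_SHA256 = "9c88c66f44eba049dcf45204315aaf8ba1e660822f9e97aec51b1c305f5fdf14"
DROPPED_FILES = {r"c:\programdata\safe.exe", r"c:\programdata\eventlog.txt"}
RANSOM_NOTE = "# how to decrypt files.html"

def norm(path):
    """Case-fold and unify separators so IOC matching survives path variations."""
    return path.strip().replace("/", "\\").lower()

def parse_event(line):
    """Parse one constructed 'key=value|key=value' telemetry line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split("|") if "=" in kv)

def triage(lines):
    """Return {host: sorted findings} for hosts showing Kraken Cryptor indicators."""
    findings = defaultdict(set)
    safe_exe_seen = set()  # hosts on which Safe.exe has already executed
    for line in lines:
        ev = parse_event(line)
        host, kind = ev.get("host", "?"), ev.get("type")
        if ev.get("sha256", "").lower() == KRAKEN_SHA256:
            findings[host].add("known Kraken Cryptor installer hash")
        if kind == "process_create":
            image = norm(ev.get("image", ""))
            if image.endswith("\\superantispywares.exe"):
                findings[host].add("imposter SUPERAntiSpywares.exe filename")
            if image == r"c:\programdata\safe.exe":
                safe_exe_seen.add(host)
                findings[host].add("Safe.exe executed from C:\\ProgramData")
        elif kind == "file_create":
            target = norm(ev.get("target", ""))
            if target in DROPPED_FILES:
                findings[host].add(f"dropped file {target}")
            if target.rsplit("\\", 1)[-1] == RANSOM_NOTE:
                findings[host].add("ransom note written")
        elif kind == "log_cleared" and host in safe_exe_seen:
            # Safe.exe followed by log clearing matches the advisory's log-wipe chain.
            findings[host].add("event logs cleared after Safe.exe ran")
    return {h: sorted(f) for h, f in findings.items()}

# Constructed sample telemetry (not real victim data); ws02 is the benign control.
SAMPLE_EVENTS = [
    "host=ws01|type=process_create|image=C:/Users/a/Downloads/SUPERAntiSpywares.exe|sha256=9C88C66F44EBA049DCF45204315AAF8BA1E660822F9E97AEC51B1C305F5FDF14",
    "host=ws01|type=process_create|image=C:\\ProgramData\\Safe.exe",
    "host=ws01|type=file_create|target=C:\\ProgramData\\EventLog.txt",
    "host=ws01|type=log_cleared|channel=Security",
    "host=ws01|type=file_create|target=C:\\Users\\a\\Documents\\# How to Decrypt Files.html",
    "host=ws02|type=log_cleared|channel=Security",
]
```

A log clearing on its own (ws02) is not flagged; the check only fires when it follows the Safe.exe execution described in the analysis, which keeps routine administrative log clears out of the alert.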

MITIGATION

  • Most ransomware and other malicious code can be avoided through vigilant online behavior.
  • Never trust an email attachment that is not from a verified source.
  • Always keep a reliable, tested backup of your data in a separate location.
  • Install good-quality security software or consult a known information security firm for your security needs.
  • Avoid downloading or installing unverified software.
  • Enforce strict account lockout policies to protect against brute-force attacks.
  • Make sure all software is kept up to date to avoid vulnerabilities in outdated versions.