July 22, 2021
Severity
Medium
Analysis Summary
A new Agent Tesla campaign has been observed targeting victims with malspam. Agent Tesla is known for stealing data from various applications on the victim's machine, such as browsers, FTP clients, and file downloaders. It collects personal information from the victim's machine, steals clipboard contents, logs keystrokes, captures screenshots, and accesses the victim's webcam. It can also kill running analysis processes and AV software. The spyware performs basic checks to determine whether it is running on a virtual machine or under a debugger, in an attempt to hide its capabilities and actions from researchers. All the data it obtains is sent in encrypted form over SMTP.
Impact
- Credential Theft
- Data Exfiltration
- Information Disclosure
Indicators of Compromise
MD5
SHA-256
SHA-1
URL
- https[:]//agenttesla[.]com
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.