Rewterz Threat Advisory – CVE-2021-28814 – QNAP Releases Improper Access Control Vulnerability

June 15, 2021

Rewterz Threat Alert – Lokibot Malware – Active IOCs

June 16, 2021

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

June 16, 2021

Severity

Medium

Analysis Summary

A new Agent Tesla campaign is seen targeting victims with malspam. AgentTesla is known for stealing data from different applications on victim machines, such as browsers, FTP clients, and file downloaders. Agent Tesla collects personal information from the victim’s machine, steals data from the victim’s clipboard, can log keystrokes, capture screenshots, and access the victim’s webcam. It can kill running analysis processes and AVsoftware. The spyware also performs basic actions to check whether it is running on a virtual machine or in debug mode, in an attempt to hide its capabilities and actions from researchers. All the data it obtains is sent in encrypted form via SMTP protocol.

Impact

Credential Theft
Data Exfiltration
Information Disclosure

Indicators of Compromise

MD5

047835eb456902b63eb14d9091a0169d
6329f532af9e79c069a28a98fea78070
87ad99c3fe21f3c3eddf7c915221251b
8d3ff1cd869c299a5d6ce4e6c56c727a
d30e5c313e04edcc1321bfd7796d2cc4
5be6ea87b100834245fb819af39ab807
73c306767d36dca8953b29b9ed771c67
de46e16c9e4125141ea0e8a384372118
e93b1ed868cced1c963bd666e720ea5e
fef22e21b625751676fac325b7db5bab
ad6a505f5608e0683f9c3e8cb464a0b0
12eb5fab9d27ae2afd8c8a45c9022d4a
406914688fb6658ef9939b305bc9d5e4
e329a710a8f4158e645786e437abb5a7
c7242d2159b091133f226a8085146c5f
24fe1af09f09998037e1f66b79da59d4
e2e3079ac8c5cbbcc7073ca306ab42ac
3f55930379405101324085031a4e8268
a19292c93b4cca6ea264f6a951ca75a9
08080ca2b487e9ee3a7ed98e2449745f
6b9c5d9e36506e37e6834a15db6944ed
ae2d103b6c3ba7db84af69ff3788f855
189f751060c06e1f314e66caa6fe863f
80b912d67bc289b2d40c99f31e1d1056
87dd16347308af90af3023e507347c08
efb321c542e621662705c0d6e92ef516
fe5d039de5e9cd4fc062f821bc706d35
e33d87a12a5ead1ee840f1c40af5705c

SHA-256

de2e00592af25f6033e0b10dbf2974b1e482ad117118cb726892a89acf2cd47b
1a7916565b10df8a93edb90f8c4518ae990a949aca2c17ef6f976849a6685ead
128ed4ceeb4d3b644afffd03c466420d09eddd9a627f80727f72152e109e6dca
afd99cf62810bca170cdf3280e0f6084d91add6c0312a70787ab7d137145974b
9a04777899da2509413e9627255b0dbd173151f2ba4999c8840e3e10f141e8ed
33f876673f95a241651fa65cdd841403444db462314f5de6ed7a760807b083e0
de7e1613ab7bc3f5a2f3fe3e4922080e5477c4660d7c753a4e5f69bc16e78fde
38144b2fe2b8b7e14c2a892bf277c2808c5d184cf0592bae9aac459b3ec7323f
8eee1f8b7655d3d380d4e6ab08f039aa8c16982f75d5600616f3999a83fe1ed3
11c037956daa879a8c11b0a7940a08bd015ae141a2c62520ab812eab7230f5c5
a016990a2bb73dc10711541c87881711fa164e25d475e3a0de134ffe79b29edc
601f9e7a9b071980effc81bfefb3eaa6c99096ba80405c1fda8a0ec1754585d9
104c6a0e538ae1d3f165dcb849a8c4d6e6f68e04d09c11c6c075f514e522fd5c
95fffc44a4527eb461642efcfa34516df9f3f4fceb85bf22a170db8a2ebb1795
92f825a8a6a755a0b0ff41e3b9267aacaa14d95e1c9ed735526515f1491b4936
3490767aa34d2f3811433381dc6db3075961c5d3c9b54b4f78800d65ba2ae3eb
49be8f3be48cdaf1e0a536a1fff4918e3897e2c46aec0e413faaa03521b91ce3
79e75ea4b6fe994fde869707c55912c311c0a845872af69203eff3ec0223c29a
a47963fdbc15c52927ee5fe99d79ab636b6787bd3146d79c9934c94d549c5901
25e7675bc14fe92063c0cb53516445b0e04f46d582902f621a2ef5c959fbc985
15f30978ac1a24cf41dda06fbd082e3edac2b8f465abe9cc47ec0a01e9ed1b6a
d076926bf5b71bcca0ab9c40ad03948e57236a3a24eb38a4e1dbaddbe5caa67e
a353e30831fba78c7d08215500b4dadcdd20e5b147af66d6610012209e515aea
ca25dc34f9e81abc3101d010f1442c6ee544c82a270c41703c801d09264af2e5
b8c5e6876af13865c8c3698ced08acd5b3696c00e3217dc479d8b4d5c88356a4
2c4cb26d98219877c05522789509b199068a89d397214b1387af75047cfe9345
7d330e99d8984003178e9901572adc43d719d4618aaa076a8e697eada127c014
acd89d35c07176ede6b75c95dbec3856468b2532f9c145915fc7e0a3677f2003
3096ae5f009c04f73314141290f84922d834c35badcc984376f747cae1c56b62
494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2
4e7f8e062b62807aaa0cb39b664d3615770d84b42cf6654f22c3dff2376e3c4a
f7c695a5b7af995eb99168d14218322484daddc685a7e8f4ab3de5888368b676
a0fc7a3730fb9125bd92aa5f06e1942ae159a2030e228bc718fefac556a81a5c
8cdbdc48eeff6dbd8b3cf2bcbf91b4c58c5479e8c3779f36debdd3856f17b185
ce1ca209da37b39fa02a766d9db0b542ca3fcbf5f0ac550a233a7b813709e3db
e310c6b4b1aadec0f91646dc9e36e1b36b8f74e9435dd5c2d5cd92cfbecbe7a5
34886616b6b5c7af447671106cfc9dc4d28a52647e5b208eef8d1aa0a7f78549
3039102bad932f92e0df997a343586b5a553f010434449b5a26866b8d27e3563
fb89ea1418248072f812a1da9f0021c385ecf567edd6b50115aaf254efd50f7b
a22164fcb40ad35f1d4034ea74aee6ce152f6a01d9defceffa58185fd50ab04e
668467454f962a8a8fdc49490d1d0bc02538e83fc7e22d07b932e903dfaa4d5e
234627cfcb2ea4b133aa64b0899901a223f433cdf5e43a39ca2ada45aa59784d
f2919e2555974e4a0732228df78fbcf02ed5602bba91b20cbfe6a2c59badaec7
15e4b7a4a7ca443ebbcda9380409bdf0bfeac547c7bc71b040ef8d4b26402b8f
046f729739e74854f70e0227d4e778e35f0db894ce5779f57506eb3aa2b2ba20
89a1719d088f9d09d8adb2e8f1aeb61e18c3efe48b4bae298d88cafdc66a7949
dbfa73853cabc5bbeba9df3f5a29096618a0f169dbd91719b2e2e632ba800674
fbae2ea5fa7f68104cb068fdff62bb8cd576afa26d6075dbb5179410e5014b68
5767d191a3061915524f867f959324f9f9dfd1bd1420f681e82b781af55084ed
d4dcc4fb8eb0e9da475cb171f76b3baac2e6846537a08703b47f6176984c5cba
dc83ce579bf97edda366eac1cae7c913cfef6617325bf73454917f99359519d3
5133f50e4eba6506c9b0236ee2b881301886ab8967b75316d9b259063ca1a2dc

SHA-1

94ac99f80936c0d6af4aeb804b6cd03b080a5583
15c0328bf10c7c1429f0377fba4562f0dcafff11
dc7a2cfef2f09d3122eb1243eb6d685950b90e4a
f7ca84790784632c22b8109f31743749f0b27fc5
250a264f1f688caf65ecd62b04ee368844473b1f
4fa0951848b0a0c535d21f2df28001b4b462456e
e19ee8159e1cd6d6d141e81db5105ac5d89f102f
eaa891e7c4d67f7074c4e52206dd7eb9f2d8eaa0
525069b273e61c1f5d9c62caf95b61ffe4d705cc
b132cb3b9b0fc1e716850bf17e1bfb0a8617d99e
6b007b6f7320e2260cf381d2d3d7eab8f0d439e4
dcb7d55ace91f4b333083037246f4b320b11d943
c96792790fa0bc99c26a3affdd35f6ff2bee6064
df427a106e822213a401334b1f2b8951d07e0020
f7a2290d7a53b58577ac0890768af7a15464b0a0
f777b07030b6cfdcd569dee4deab25db99a7de0e
5236549f1fbe0f93f4bde89e6e96a34ff98894c3
76e77fbed98809446e8d79e842b7962b700d9682
16bab4a9841408d21ea88854587da21678e8ae89
4835253aab109db08fdf02108d8f09b2342cb644
fc7d2f21038b88eb2715b018bdcda50b2da6565e
4d57f3d57d6463aaaf9a3d881b30649e5afda0f6
63f70746bb89255320b342533345a2988b180643
4115332c26ca6e1dc8fd884d2d732e56ef51c864
811f034e522fd1c9f4ad99d28daa680a649d0379
1773a39aae74af10283f1f25978c1eb1afc37d69
ec30432a74c40dd7e87f90563c06b474da63bcb1
bf97f4106e1fd04543eaf007f7e53abf9002332e

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert -New Golang-Based Botnet GoBruteforcer Breaches Web Servers – Active IOCs

Rewterz Threat Alert – DarkComet RAT (Remote Access Trojan) – Active IOCs

Rewterz Threat Advisory -Multiple Microsoft Windows Products Vulnerabilties

Threat Insights

About Us

Our Leadership

CSR

Connect with Us