March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – New Malware Abusing Google and Facebook Services

December 14, 2020

Rewterz Threat Alert – Dark Caracal Targets Multiple Sectors with Bandook Malware

December 15, 2020

Rewterz Threat Alert – AgentTesla Information Stealer – Fresh IoCs

December 15, 2020

Severity

Medium

Analysis Summary

A new AgentTesla campaign is seen targeting victims with malspam. AgentTesla is known for stealing data from different applications on victim machines, such as browsers, FTP clients, and file downloaders. Agent Tesla collects personal information from the victim’s machine, steals data from the victim’s clipboard, can log keystrokes, capture screenshots and access the victim’s webcam. It can kill running analysis processes and AVsoftware. The spyware also performs basic actions to check whether it is running on a virtual machine or in debug mode, in an attempt to hide its capabilities and actions from researchers. All the data it obtains is sent in encrypted form via SMTP protocol.
This current Agent Tesla campaign seems to be using email attachments with the common phishing themes of invoice, quotation request, new order, shipping advice, etc. These malicious attachments when downloaded and executed will infect the target system with Agent Tesla.

Impact

Credential Theft
Data Exfiltration
Information Disclosure
Detection Evasion

Indicators of Compromise

Filename

specs datasheet[.]exe
REQUEST23341234[.]exe

MD5

f8674c0b7be761d12ace57039b6688fd
f3511f0df79889c36525c17db27c51b4
48c9149831946bc0dcec0a6a66d159b1
5cf5ee802d8c13debe04c707489da0b8
3ddf9b5d91a3d979e6477e789ece05b7
666cb0fddb4cf8633c56a4ccaf69500b
666cb0fddb4cf8633c56a4ccaf69500b

SHA-256

4901e545f909725ea2329a68aab1875a244404f379a3a66bbc289fc032dab053
9827198753b9ab546a2789690c63af319a81b61e203486abaee027b304b186ad
cba307ef1a3a55b09513b978a8e592ff2229a30de65b799e081fb1dbea836256
50c08700245c10a4f452c302e09777a88e8d88fac7fa5395756c2b9559f76357
a944ba68cf53d0b13e6ce99e2e90db74cba352c36593aeeef21d001ad98f3d6b
8b26cdcf75986872f5d68ea2e7d46eec7b7e085ce0473b1ec8a4292beaaa276f
108885ad12de3e0c6d7e712eb48bc8c4571b1be01ca4a37f9857f61d7a6d591a

SHA1

d9b8d52c23d59ffe04e6df665c47fa639c682725
116e9800385efcf9b13169b7922fdd606f0e3df8
fb56eb1fa9ac5fd4b54065604fd17845e8ce74a6
5b14d0c4467ee7022661c35966a2620dfc76152a
f31b1b56f7b981c4698bb74731eec7f9a1273fde
fdcf33284d5da54a4f7cf918f2ae7b1b2898ced6
fdcf33284d5da54a4f7cf918f2ae7b1b2898ced6

Remediation

Block the threat indicators at their respective controls.
Do not download files attached in untrusted emails.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – New Malware Abusing Google and Facebook Services

Rewterz Threat Alert – Dark Caracal Targets Multiple Sectors with Bandook Malware