March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – LODEINFO Malware
June 15, 2020
Rewterz Threat Alert – APT Group Lazarus – IOCs
June 15, 2020
Rewterz Threat Alert – LODEINFO Malware
June 15, 2020
Rewterz Threat Alert – APT Group Lazarus – IOCs
June 15, 2020
Severity
Medium
Analysis Summary
12 applications being used to distribute malware Anubis and Spynote which steals banking and personal information. Countries affected include Armenia, India, Brazil, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia, and Singapore. The application is modeled after legitimate applications, specifically Coronavirus. The application asks for accessibility services. Once enabled, the permissions run in the background and hides the application icon from the application drawer. Its primary functions are accessing SMS, GPS, Location data, contacts, capturing photos, and other functions of the device infected. This infected malware then installs the legitimate application upon hiding the malicious application.
Anubis is a banking trojan utilizing overlays to steal credentials as well as accessing infected devices whereas Spynote asks for other SMS, GPS, Location data, contacts, capturing photos, and other functions of the device infected.
Impact
- Credential theft
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
MD5
- c448ae9ad80f088e9296f08a114605e2
- 66b3529f7589cac62960bfacc9dbc5f4
- 0ba9d47e0d9fa0b6db4f397a34f7efab
SHA-256
- 1d94952245f517602227938a26c498006143d7b8a92dd259f595715255b99ade
- 885d07d1532dcce08ae8e0751793ec30ed0152eee3c1321e2d051b2f0e3fa3d7
- 41bb86666543349bbf82e157b4d69a893f9b9c0fd37a8dce59048d8e000af3d6
- add9a29ee75b55ec8d6d7ee4f5119084edbeb3db04cbcce0af30c28758182296
- 8b8dfb8fa7c313d9d7c1b1a67646abdb54d8cfd18773b136a10f191ca27098fc
- d7fc4377b7a765d6bc3901d0de01008095965d02062fda3707957163afe8884d
- a03fe22f32b683a34c452a74fbc8e78f5f33132332149fe726945397c37d37a6
- e6786770a2a81ce798178f4eef4ae2290dfb1977ba5ced8cdbd01ddca3fadd17
- a76bb2e56079dca73d759cdae9857cd5626c200785f004e492f60ce52784f745
- cafc2a8e3dc818de9bb5b0eff1a9983426e5db9cc8c0d42905cefeb99b442099
- a891a9f77671623f6c397a03bc9ec7effc362a56e6f2ebb22967eeb6e4e9a14d
- a9eaea748420a5f832a208b35be7107b5fef389a844c0659688466d3a8fd3eb6
- 090b5fb792b62225df6ca55fac2d96b630d596a61b7071009e0084056d04240a
- be2a9bbdb89e48b5eadc52830d6f92dc4355adc2bc95d5ac5d6748fee68acf1c
Remediation
- Block all threat indicators at your respective controls.
- Always download legitimate/ recommended applications from playstore.
- Search for IOCs in your existing environment.