Rewterz Threat Alert – Turla and ComRAT v4
May 28, 2020Rewterz Threat Alert – Paymen45 Ransomware
May 29, 2020Rewterz Threat Alert – Turla and ComRAT v4
May 28, 2020Rewterz Threat Alert – Paymen45 Ransomware
May 29, 2020Severity
Medium
Analysis Summary
COVID-19 based threats identified a phishing attempt by cybercriminals using a HSBC Bank-themed email to trick victims. The attachment is not a payment advice but a trojan.
The attachment is an ISO image containing an executable detected by many AV engines as a Trojan. These kind of phishing emails luring users to keep themselves updated on the status of Covid-19 or finding invoices of their payments are continuously being used to rob users of their credentials and their sensitive data and financial loss as well.
Impact
- Credential theft
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
MD5
- 5477606574c1ecdc50578aa2ea9df2b4
- 27f6606bc1821a60ee0fdf067616559d
SHA-256
- 8db4f32cb21d636a59afa76b553e18802098f117df1940e7f78402218bcb960d
- fbb838e50d66456115e0d8ac30bfd63eeba487de13cd25fbf8fceef7f2dd1ba9
SHA1
- e080ebea296dfbf07ca794d32fa84159f0ea1b90
- 1fcb12ffdf2b4bd0b6e9304dd148046905932c0f
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.