Rewterz Threat Alert – Flawed Ammyy RAT (aka FlawedAmmyy RAT) Malware
February 25, 2019
Rewterz Threat Alert – Coinbased Smishing Campaign Dropping a Malicious URL
February 25, 2019
Severity
Medium
Analysis Summary
A new spam email campaign has been discovered that delivers malicious file attachments. Analysis of these attachments identified a variant of c99madshell, a PHP web shell that gives an attacker a full suite of attack capabilities (command execution, file management and similar) on web application servers running older versions of PHP.
Impact
Malware Infection
Indicators of Compromise
Domains
gulfup[.]com
Filename
10_lot_photo.jpg
Email Address
xkemox[@]gmail[.]com
Malware Hash (SHA256)
- 8e50e5e71ff22abeaf878a1d2dbb274ef84e0d4f9ccc120bf0c3b016fce0fe13
- 5179a36d40e1148eb54af2eeeb932a16cf397326a19f5ca2678be4f5ff28914f
Remediation
- Maintain up-to-date antivirus signatures and engines.
- Update PHP to the latest version available.
- Keep operating system patches up-to-date.
- Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users’ ability (permissions) to install and run unwanted software applications.
- Keep administrative privileges strictly limited to relevant users only.
- Enforce a strong password policy and implement regular password changes.
- Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
- Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
- Disable unnecessary services on agency workstations and servers.
- Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
- Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
- Exercise caution when using removable media (e.g., USB thumbdrives, external drives, CDs, etc.).
- Scan all software downloaded from the Internet prior to executing.
- Maintain situational awareness of the latest threats and implement appropriate ACLs.