June 23, 2020
Severity
High
Analysis Summary
Researchers have observed a new version of the IcedID banking Trojan being distributed as yet another payload that exploits the COVID-19 pandemic as a lure. The malware is being distributed via different TTPs. This campaign changes tactics by injecting into msiexec.exe to conceal itself and by using full steganography to download its modules and configuration, whereas previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and configuration as “.dat” files. The campaign also exploits the pandemic by using keywords such as COVID-19 and FMLA in email sender names and attachment names. IcedID is banking malware that performs Man-in-the-Browser attacks to steal financial information.
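As an added defender-side example that is not part of the Rewterz alert, the following Python flags the two behaviours described above in constructed Sysmon-style events: remote thread creation into msiexec.exe from an untrusted source, and msiexec.exe connecting out to hosts outside an assumed allowlist (the hiding place for the steganographic downloads). The event field names, the allowlists and the sample log lines are all assumptions for illustration.

```python
import json
import ntpath

# Constructed sample telemetry in a simplified Sysmon-like JSON-lines shape
# (assumption: fields mirror Sysmon Event ID 8 CreateRemoteThread and
# Event ID 3 NetworkConnect; these are not real captures).
SAMPLE_LOG = r"""
{"EventID": 8, "SourceImage": "C:\\Users\\u\\AppData\\Local\\Temp\\fmla_form.exe", "TargetImage": "C:\\Windows\\System32\\msiexec.exe"}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\msiexec.exe"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\msiexec.exe", "DestinationHostname": "img-host.example.invalid", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Windows\\System32\\msiexec.exe", "DestinationHostname": "download.windowsupdate.com", "DestinationPort": 443}
{"EventID": 1, "Image": "C:\\Windows\\System32\\msiexec.exe", "CommandLine": "msiexec.exe /i setup.msi /qn"}
"""

# Assumed benign injectors and destinations; tune these to the environment.
TRUSTED_INJECTORS = {"csrss.exe"}
TRUSTED_MSIEXEC_HOSTS = (".windowsupdate.com", ".microsoft.com")


def _base(path):
    # Windows path handling works on any host via ntpath.
    return ntpath.basename(path).lower()


def detect(log_text):
    """Return (rule_name, event) pairs for msiexec.exe abuse matching the campaign."""
    findings = []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        if ev["EventID"] == 8 and _base(ev["TargetImage"]) == "msiexec.exe":
            # A remote thread created inside msiexec.exe by anything other than
            # a trusted system process is consistent with the injection described.
            if _base(ev["SourceImage"]) not in TRUSTED_INJECTORS:
                findings.append(("remote_thread_into_msiexec", ev))
        elif ev["EventID"] == 3 and _base(ev["Image"]) == "msiexec.exe":
            # msiexec.exe reaching a host outside the allowlist is where the
            # image-borne modules and configuration would be fetched from.
            host = ev["DestinationHostname"].lower()
            if not host.endswith(TRUSTED_MSIEXEC_HOSTS):
                findings.append(("msiexec_outbound_to_untrusted_host", ev))
    return findings


if __name__ == "__main__":
    for rule, ev in detect(SAMPLE_LOG):
        print(rule, json.dumps(ev))
```

Only the two suspicious lines are reported; the csrss.exe thread, the Windows Update connection and the ordinary installer launch are left alone.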
Impact
- Information theft
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
Filename
COVID-19 Center
SHA-256
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.