
Rewterz Threat Alert – CryptBot Trojan – Active IOCs

January 2, 2023

Severity

High

Analysis Summary

CryptBot is a Windows information stealer. It harvests credentials saved in browsers, cryptocurrency wallet data, browser cookies and stored credit card details, and takes screenshots of the infected system. CryptBot is bundled with apparently legitimate software so that victims install it themselves: its operators distribute it through websites purporting to offer software cracks, key generators and similar tools, and use search engine optimization to push those sites towards the top of Google search results, which produces a steady stream of potential victims. It has also been distributed through a fake VPN client called Inter VPN; when executed, the installer infects the system with both CryptBot and Vidar, which in turn run an AutoHotKey script that downloads further executables from malicious websites.

Impact

  • Credential Theft 
  • Information Theft
  • Exposure of Sensitive Data

Indicators of Compromise

MD5

  • f2d0f8587dccc2528412e0e8e0f35cc1

SHA-256

  • 46c8d04c28e274e8e1c1d91f3522a2f354e27cc26da67adabcefce8cc0371807

SHA-1

  • 1a99909b56881829cc03cf2430b64a6f70a83633

Remediation

  • Block all listed threat indicators at your respective security controls.
  • Search for the IOCs in your environment.
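The second remediation step is the one that takes effort, so here is an added example (written for this page, not Rewterz's own tooling) of a file-hash sweep that checks a directory tree against the three indicators listed above. It reads each file once and computes MD5, SHA-1 and SHA-256 together, infers the algorithm of each indicator from its hex length, and rejects malformed indicators instead of silently never matching them. The file names and contents in `demo()` are constructed stand-ins and are not the CryptBot sample.

```python
import hashlib
import os
import sys
from pathlib import Path

# The three indicators published in the advisory above.
ADVISORY_IOCS = {
    "f2d0f8587dccc2528412e0e8e0f35cc1",                                  # MD5
    "1a99909b56881829cc03cf2430b64a6f70a83633",                          # SHA-1
    "46c8d04c28e274e8e1c1d91f3522a2f354e27cc26da67adabcefce8cc0371807",  # SHA-256
}

# Hex digest length identifies the algorithm; anything else is rejected rather
# than silently never matching.
DIGEST_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_iocs(iocs):
    """Normalise a mixed list of hex digests into {algo: set(digests)}."""
    grouped = {"md5": set(), "sha1": set(), "sha256": set()}
    for raw in iocs:
        h = raw.strip().lower()
        algo = DIGEST_LEN_TO_ALGO.get(len(h))
        if algo is None or any(c not in "0123456789abcdef" for c in h):
            raise ValueError(f"malformed indicator: {raw!r}")
        grouped[algo].add(h)
    return grouped


def hash_file(path, algos, chunk_size=1 << 20):
    """Read the file once and return {algo: hexdigest} for every requested algorithm."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def sweep(root, iocs):
    """Walk `root` and return [(path, algo, digest)] for every file matching an IOC.

    A file that matches on several algorithms is reported once per match,
    which is what you want when an advisory lists the MD5, SHA-1 and SHA-256
    of the same sample: all three should light up on a true positive.
    """
    grouped = classify_iocs(iocs)
    algos = [a for a, digests in grouped.items() if digests]
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path, algos)
            except OSError:
                continue  # unreadable or locked file: skip here, log it in production
            for algo, digest in digests.items():
                if digest in grouped[algo]:
                    hits.append((str(path), algo, digest))
    return hits


def demo():
    """Sweep a throwaway directory of constructed files (no real malware involved).

    Returns (hits against the advisory IOCs, hits once the stand-in's own
    SHA-256 is added as an extra indicator) so the matching path is exercised.
    """
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "readme.txt").write_bytes(b"constructed benign file\n")
        stand_in = Path(tmp) / "keygen.exe"  # constructed stand-in, not the CryptBot sample
        stand_in.write_bytes(b"constructed stand-in, not the CryptBot sample\n")
        real_hits = sweep(tmp, ADVISORY_IOCS)
        extra_ioc = hash_file(stand_in, ["sha256"])["sha256"]
        demo_hits = sweep(tmp, ADVISORY_IOCS | {extra_ioc})
    return real_hits, demo_hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in sweep(root, ADVISORY_IOCS):
        print(f"HIT {algo} {digest} {path}")
```

Run it as `python sweep.py <directory>` against user download folders, temp directories and anywhere cracked software would land. Keep the caveat in mind when reading a clean result: file hashes identify one exact build of the sample, so a repacked or recompiled CryptBot binary will not match any of the three digests. A sweep with no hits rules out this specific file, not the family, and should be paired with the behavioural indicators in the summary (installers from crack or keygen sites, the Inter VPN lure, unexpected AutoHotKey activity).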
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.