Rewterz Threat Alert – RedLine Stealer – Active IOCs
February 27, 2023

Rewterz Threat Advisory – CVE-2023-22860 – IBM Cloud Pak for Business Automation Vulnerability
February 28, 2023

Severity
High
Analysis Summary
CryptBot, a Windows malware, is capable of stealing browser credentials, cryptocurrency wallets, browser cookies and credit card data, and takes screenshots of the infected system. CryptBot hides within legitimate software in order to be installed by its victims. CryptBot threat actors spread the malware via websites purportedly offering software cracks, key generators, or other tools. To gain widespread visibility, the threat actors use search engine optimization to position malware distribution sites near the top of Google search results, resulting in a steady stream of potential victims. It can also spread through a fake VPN client called Inter VPN: when executed, it infects the system with CryptBot and Vidar, which then run an AutoHotKey script that downloads executables from malicious websites.
Impact
- Credential Theft
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
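The second remediation step, searching for the advisory's file-hash indicators, can be scripted as below. This is an added example, not Rewterz's own tooling: it walks a directory tree, computes MD5, SHA-1 and SHA-256 of each file in one read pass, and reports any file whose digest appears in the supplied indicator lists. The IOC values and file names in `demo_sweep` are constructed placeholders; substitute the advisory's published hash lists for a real sweep.

```python
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256")

def file_digests(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for a file, read once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def scan_for_iocs(root, iocs):
    """Walk `root` and return [(path, algo, digest)] for every file whose
    digest appears in `iocs` (a dict {algo: iterable of hex digests}).
    Indicator case is normalised so pasted upper-case hashes still match."""
    wanted = {algo: {v.lower() for v in iocs.get(algo, ())} for algo in ALGOS}
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            for algo, value in digests.items():
                if value in wanted[algo]:
                    hits.append((path, algo, value))
    return hits

def demo_sweep():
    """Constructed demo: one 'flagged' and one benign file in a temp dir."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "setup_crack.exe")
    with open(bad, "wb") as fh:
        fh.write(b"constructed sample, not real malware")
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"benign file")
    # Placeholder IOC: the SHA-256 of the constructed sample, upper-cased
    # to exercise normalisation. Put the advisory's own hash lists here.
    placeholder_iocs = {"sha256": [file_digests(bad)["sha256"].upper()]}
    return scan_for_iocs(root, placeholder_iocs)

if __name__ == "__main__":
    for path, algo, digest in demo_sweep():
        print(f"MATCH {algo} {digest} {path}")
```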