Rewterz Threat Alert – Ekipa RAT – Active IOCs

Severity

High

Analysis Summary

Ekipa is a remote access tool (RAT) that is used to remotely control and access other computers. It is typically used by cybercriminals to gain unauthorized access to a victim’s computer and steal sensitive information or perform other malicious actions. The software is often spread through phishing emails or malicious online advertisements, and it can be used to take control of the victim’s keyboard and mouse, access their files, and even turn on their microphone and webcam. It is important to note that using RATs without authorization is illegal in many countries and using it on a computer you don’t own can lead to serious legal consequences.

Impact

• Credential Theft
• Unauthorized Access
• Theft of Sensitive Information
• File manipulation
• Remote command execution

Indicators of Compromise

MD5

• 100053e76ce732740f98e9aa5b68b6de
• fc4fdbe77f46a294d2bc3253cc3bcd9b
• 7c6652068e978a1acbc8589ce925264a

SHA-256

• 2d52b21737552248917aab87a2c3bb4b15471a05b340b31577a57c749a9d1c07
• 03ff5170f9d3a4e437caa902d143021dd4f828a83db52b7138abf6b0fc801c48
• 40c1bcbe13eed1732485f8660465c0e7c3cca6940cf47df0368b395547fd8c0a

SHA-1

• 97e767db453173ed1f902df64c29eb7aea21e6f2
• 794bd775f0fa93d6cfca5a213dce4214be0d3f16
• 53d523d750d8f03d9dae6379c9abc365bbf07daa

Remediation

• Block all threat indicators at your respective controls.
• Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
• Patch and upgrade any platforms and software timely and make it into a standard security policy.