Rewterz Threat Alert – Black Basta Ransomware Group Targeting US Companies With Aggressive QakBot Campaign – Active IOCs
November 24, 2022Rewterz Threat Advisory – CVE-2021-35246 – SolarWinds Engineer’s Toolset Vulnerability
November 25, 2022Severity
High
Analysis Summary
Eternal Stealer – a malware family – can access data from systems like Credential Manager, Vault, and Network Passwords. Browsers, password managers, email clients, messengers, and offline cryptowallets are all targets of this malware (cold wallets). Its creator uses Telegram IM (Instant Messaging) service to market their malicious wares.
Recently some researchers examined the ‘Eternity Project,’ a Tor website that sells a wide range of malware, including stealers, miners, ransomware, and DDoS Bots. Its operators also run a Telegram channel with 500 followers, which is used to share information related to malware updates. Through their Telegram channel, they allow their customers to customize the binary characteristics.
Eternity Stealer
The Stealer module is available for $260 per year as a subscription. It steals sensitive data such as passwords, cookies, credit cards, and crypto-wallets from infected systems. Telegram Bot is used to exfiltrate stolen data.
Eternity Miner & Clipper
Customers can configure the Eternity Miner module with their own Monero pool and AntiVM features for $90 as a yearly subscription. For $110, the Eternity operators also offer the clipper malware, which monitors the clipboard for cryptocurrency wallet addresses and substitutes them with the attackers’ wallet addresses.
Eternity Ransomware & Worm
The Eternity Ransomware costs $490, whilst the Eternity Worm costs $390.
According to researchers, they have seen a considerable growth in cybercrime via Telegram groups and cybercrime forum, where TAs sell their products without any oversight.
Impact
- Sensitive Information Theft
- Credential Theft
- Crypto wallet Theft
Indicators of Compromise
MD5
473f46db582a36a515ecfe8e5868fdb8
2f8df206ba700503dbebf59e937af0ec
SHA-256
e4be69c1ceba3062ec26e49016f33883b861bcbc78894eae4995f6a3491975ba
6bb1564eca89071edd9c42b84481aed5f3f5aaccedb8f61d6fb892b7f08bdca7
SHA-1
05ce62f525777fba78008f1f173a276e64fce313
7c36d57af94f2dd16a62c09356b4ef2c63e456fd
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at your respective controls.
- Do not download document ?les attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
- Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.