Rewterz Threat Alert – Shodi Malware – Active IOCs
March 28, 2022
Rewterz Threat Alert – BlackMoon Banking Trojan – Active IOCs
March 28, 2022
Severity
Medium
Analysis Summary
FormBook, active since 2016, is a data-stealing malware that affected 4% of enterprises in 2020. It logs keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, and downloads and executes stealthier malware in response to orders from its command-and-control (C2) server. The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver the malware, including PDFs, Office documents, ZIP and RAR archives, and others.
Impact
- Credential Theft
- Sensitive Data Theft
- Keystroke Logging
Indicators of Compromise
MD5
- 0808b68d09cd655fffd75fa7ff512cdd
- 3dc9158c80ce1c2fce4e790f5c3fc85b
- 0d2bc38920c4d006db1433f55e3847ce
- ad5504d9dbb476d447e419e422d756e8
- 36a1418f1d78ac454106252aa0789525
- e481e4352cbd8ab6ead3cff49d473c37
- cf373731b566051231f3d3137ffd32e6
- aa5bec3fc7d67dff5a8f52483dc8b57c
- 8930a6c2109dad377a218cf36fdfbf96
SHA-256
- 7c4498328cef0faaab309c43e2b0122dd33164c9cadeae33f47d3a348d1bcb8c
- 6a54522390180a2d94e47013c901b57095e30d2843c11b8f55d7b63ba8e9dc77
- 41573d104263a727eca5295cd59bf91c93d2a24ddb024d84f97244bc120036e2
- d6e96fd4a8960b01d5a03e2d0fc3c0e502e7e5d0b4648eb53aa6e7eae42d2c7a
- f56e78fdd05ad22063c5d64f7852017ad8b8859015d420473917197dd7565403
- a1844c54e3b36bd69aeeeea0ddd335114f344f20904fcdfcd5a3980328ebf19c
- 8148dd3ee6012f7db971e265ab70be2fd0f2aba0698822dbaef940ddf889364c
- 1d9709a43a56ed769aee507cd4b9116ca3d72d93a86d612c0984f6ab375c1717
- 7f2f847bde8c4df56662677d1df9c413b2328786469a6065b6793ad90198e35d
SHA-1
- 51099ae2efd1c4273aa82a8b497c6caa0010fc8f
- 8b61ed17e4537227ba67ed34f05ba10c125b0a56
- 902fc7c03eb33119d113c1564fd878dbe17bc7cd
- 17ac48763bffe4afb0b1275aac07a31f6d24eac4
- 701e00fe1dac8626cb5cf2c4518e44d8ffa0cdc5
- 18368f04293fc7ce3e9ab6d5a9650d42cd2ac822
- 9326c6a59b71739cac1ca3a892b14fa99fb560dc
- caaea4dba262c6f133184d2ff63e3952df338aa1
- 6e0e5170f838144c456fc008e7778d103df6cdf4
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
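One way to carry out the second remediation step on a host or file share, as an added example that is not Rewterz's own tooling: the script below takes the MD5, SHA-1 and SHA-256 hashes listed above, computes all three digests of every file under a directory in a single read pass, and reports any file whose digest is in the IOC set. The directory to scan is a command-line argument (assumed); the hash values are copied from the alert.

```python
import hashlib
import sys
from pathlib import Path

# IOC hashes copied from the alert above, lower-cased so comparisons are case-insensitive.
MD5_IOCS = {
    "0808b68d09cd655fffd75fa7ff512cdd", "3dc9158c80ce1c2fce4e790f5c3fc85b",
    "0d2bc38920c4d006db1433f55e3847ce", "ad5504d9dbb476d447e419e422d756e8",
    "36a1418f1d78ac454106252aa0789525", "e481e4352cbd8ab6ead3cff49d473c37",
    "cf373731b566051231f3d3137ffd32e6", "aa5bec3fc7d67dff5a8f52483dc8b57c",
    "8930a6c2109dad377a218cf36fdfbf96",
}
SHA1_IOCS = {
    "51099ae2efd1c4273aa82a8b497c6caa0010fc8f", "8b61ed17e4537227ba67ed34f05ba10c125b0a56",
    "902fc7c03eb33119d113c1564fd878dbe17bc7cd", "17ac48763bffe4afb0b1275aac07a31f6d24eac4",
    "701e00fe1dac8626cb5cf2c4518e44d8ffa0cdc5", "18368f04293fc7ce3e9ab6d5a9650d42cd2ac822",
    "9326c6a59b71739cac1ca3a892b14fa99fb560dc", "caaea4dba262c6f133184d2ff63e3952df338aa1",
    "6e0e5170f838144c456fc008e7778d103df6cdf4",
}
SHA256_IOCS = {
    "7c4498328cef0faaab309c43e2b0122dd33164c9cadeae33f47d3a348d1bcb8c",
    "6a54522390180a2d94e47013c901b57095e30d2843c11b8f55d7b63ba8e9dc77",
    "41573d104263a727eca5295cd59bf91c93d2a24ddb024d84f97244bc120036e2",
    "d6e96fd4a8960b01d5a03e2d0fc3c0e502e7e5d0b4648eb53aa6e7eae42d2c7a",
    "f56e78fdd05ad22063c5d64f7852017ad8b8859015d420473917197dd7565403",
    "a1844c54e3b36bd69aeeeea0ddd335114f344f20904fcdfcd5a3980328ebf19c",
    "8148dd3ee6012f7db971e265ab70be2fd0f2aba0698822dbaef940ddf889364c",
    "1d9709a43a56ed769aee507cd4b9116ca3d72d93a86d612c0984f6ab375c1717",
    "7f2f847bde8c4df56662677d1df9c413b2328786469a6065b6793ad90198e35d",
}
ALERT_IOCS = {"md5": MD5_IOCS, "sha1": SHA1_IOCS, "sha256": SHA256_IOCS}


def file_hashes(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single pass over its bytes."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def match_iocs(digests, iocs):
    """Return the hash algorithms under which a file's digest appears in the IOC sets."""
    return [algo for algo, digest in digests.items() if digest in iocs.get(algo, set())]


def scan_directory(root, iocs=None):
    """Walk root recursively; return (path, algorithm, digest) for every IOC hit."""
    iocs = ALERT_IOCS if iocs is None else iocs
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            digests = file_hashes(p)
        except OSError:
            continue  # unreadable or vanished file: skip it rather than abort the sweep
        for algo in match_iocs(digests, iocs):
            hits.append((str(p), algo, digests[algo]))
    return hits


if __name__ == "__main__":
    # Assumed usage: python scan_iocs.py /path/to/scan
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_directory(target):
        print(f"IOC HIT {algo} {digest} {path}")
```

Hash indicators only match byte-identical samples, so a clean sweep of a host rules out these exact files but not a repacked FormBook build; treat a hit as a confirmed finding and a miss as inconclusive, and pair the file check with the network and behavioural controls the alert describes.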