Rewterz Threat Alert – Himera and AbSent-Loader Leverage COVID-19 Themes

June 2, 2020

Severity

Medium

Analysis Summary

Researchers intercepted waves of incoming emails directed at many companies. The messages leveraged FMLA (Family and Medical Leave Act) requests related to the ongoing coronavirus pandemic and were weaponized with two versatile cyber-criminal tools: Himera and AbSent-Loader. Loaders are a type of malicious code specialized in loading additional malware onto the victim's machine. Sometimes a loader also exhibits "stealer" behaviour, opportunistically gathering sensitive information even though that is not its primary purpose; AbSent-Loader, despite its name, behaves this way. The market for stolen information is lucrative for cyber criminals: data gathered from infected systems is constantly sold in the underground, typically to other, more structured criminal organizations or to business competitors.


Impact

  • Information theft
  • Exposure of sensitive data

Indicators of Compromise

Filename

  • Covid-19-PESANTATION[.]doc

MD5

  • 4620c79333ce19e62efd2adc5173b99a
  • 97fa1f66bd2b2f8a34aafe5a374996f8
  • 4d2207059fe853399c8f2140e63c58e3

SHA-256

  • 501ac08ebac646517b00d3234dfe58837b460bd5f045822d9fb5999f00979bfe

SHA1

  • 0d33b65bee0ca5af8707a16f5a27570287ac111e
  • 7fb3218b1ca76c379e08e7ce4942c2ead4c1e115

URL

  • http[:]//195[.]2[.]92[.]151/ad/da/drop/smss[.]exe
  • http[:]//195[.]2[.]92[.]151/ad/da/gate[.]php

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/ attachments sent by unknown senders.
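The first remediation item asks for the indicators to be blocked at your controls. The script below is an added example (not Rewterz code) showing how a defender can turn the defanged indicators listed in this advisory into a usable blocklist and check log records against it: it refangs the `[.]`/`[:]` notation, classifies hashes by length, and matches constructed proxy and EDR records on URL, host, file name and hash. The `key=value` log format and the sample records are assumptions made for the example.

```python
"""Refang the defanged indicators published in this advisory and check a few
constructed log records against them. Added example, not Rewterz code."""
import re

# Indicators copied from the advisory above, kept defanged as published.
ADVISORY_IOCS = {
    "filename": ["Covid-19-PESANTATION[.]doc"],
    "md5": ["4620c79333ce19e62efd2adc5173b99a",
            "97fa1f66bd2b2f8a34aafe5a374996f8",
            "4d2207059fe853399c8f2140e63c58e3"],
    "sha1": ["0d33b65bee0ca5af8707a16f5a27570287ac111e",
             "7fb3218b1ca76c379e08e7ce4942c2ead4c1e115"],
    "sha256": ["501ac08ebac646517b00d3234dfe58837b460bd5f045822d9fb5999f00979bfe"],
    "url": ["http[:]//195[.]2[.]92[.]151/ad/da/drop/smss[.]exe",
            "http[:]//195[.]2[.]92[.]151/ad/da/gate[.]php"],
}


def refang(value):
    """Undo the usual defanging conventions ([.], [:], hxxp) so an indicator
    can be compared with what actually appears in logs."""
    return (value.replace("[.]", ".").replace("[:]", ":")
                 .replace("hxxps://", "https://").replace("hxxp://", "http://"))


HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def hash_kind(digest):
    """Classify a hex digest by its length; None if it is not a hex digest."""
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return None
    return HASH_LENGTHS.get(len(digest))


def build_blocklist(iocs):
    """Build lookup sets: refanged URLs, the hosts they point at, lowercase
    file names, and lowercase hashes keyed by algorithm."""
    urls = {refang(u) for u in iocs["url"]}
    hosts = {re.match(r"https?://([^/]+)", u).group(1) for u in urls}
    hashes = {kind: {h.lower() for h in iocs.get(kind, [])}
              for kind in ("md5", "sha1", "sha256")}
    return {"url": urls, "host": hosts,
            "filename": {refang(f).lower() for f in iocs["filename"]},
            "hash": hashes}


# Constructed sample records (not from the advisory): a proxy line hitting the
# gate URL, a benign proxy line, an EDR file event for the malicious document,
# and a benign file event. Format is a simple space-separated key=value line.
SAMPLE_RECORDS = [
    "src=10.0.0.7 url=http://195.2.92.151/ad/da/gate.php method=POST status=200",
    "src=10.0.0.9 url=https://example.com/index.html method=GET status=200",
    "host=ws42 file=C:\\Users\\a\\Downloads\\Covid-19-PESANTATION.doc "
    "sha256=501ac08ebac646517b00d3234dfe58837b460bd5f045822d9fb5999f00979bfe",
    "host=ws43 file=C:\\Users\\b\\Downloads\\report.pdf md5=d41d8cd98f00b204e9800998ecf8427e",
]


def parse_record(line):
    """Split a key=value log line into a dict; values may contain ':' and '/'."""
    return dict(kv.split("=", 1) for kv in line.split())


def match_record(record, blocklist):
    """Return a list of (indicator_type, value) hits for one parsed record."""
    hits = []
    url = record.get("url")
    if url:
        if url in blocklist["url"]:
            hits.append(("url", url))
        host = re.match(r"https?://([^/]+)", url)
        if host and host.group(1) in blocklist["host"]:
            hits.append(("host", host.group(1)))
    path = record.get("file")
    if path:
        name = re.split(r"[\\/]", path)[-1].lower()   # basename, either separator
        if name in blocklist["filename"]:
            hits.append(("filename", name))
    for key in ("md5", "sha1", "sha256"):
        value = record.get(key, "")
        kind = hash_kind(value)
        if kind and value.lower() in blocklist["hash"][kind]:
            hits.append((kind, value.lower()))
    return hits


def scan(lines, iocs=ADVISORY_IOCS):
    """Scan log lines; return {line_index: hits} for every line with a hit."""
    blocklist = build_blocklist(iocs)
    results = {}
    for i, line in enumerate(lines):
        hits = match_record(parse_record(line), blocklist)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_RECORDS).items():
        print(idx, hits)
```

Matching on the host as well as the full URL is deliberate: the advisory lists two paths on the same IP, and a proxy block on the host catches any further paths the same infrastructure serves. Hashes are compared case-insensitively because EDR products differ in the case they emit.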
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.