Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
SEVERITY: High
ANALYSIS SUMMARY
A massive Malspam campaign using zipped JavaScript (.js) files as malicious email attachments is discovered. The
attachments begin with ‘Love_You_’ indicating the subject matter to be love letters.
Behind this LoveYou campaign are hidden malicious hate-worthy entities. The infection traffic includes GandCrab
ransomware, a Monero (XMRig) cryptocurrency miner, and Phorpiex spambot traffic.
Several HTTP requests for additional malware were spotted in the infection traffic, creating multiple copies of same malware on the infected host, which generated Monero (XMRig) cryptocurrency mining traffic as well as the expected post-infection traffic patterns for GandCrab ransomware. The infected host also turned into a spambot for the Phorpiex botnet.
GrandCrab dominated the infected host and its file downloader also established itself on a USB thumb drive plugged into the infected host.
IMPACT
INDICATORS OF COMPROMISE
IP(s) / Hostname(s)
Ports
URLs
Extension
Email Address
Email Subject
Malware Hash (MD5/SHA1/SH256)
REMEDIATION
Consider blocking the threat indicators at their respective controls and strictly avoid opening spam emails coming from unknown sources.
If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com.