Rewterz Threat Alert – DopplePaymer Ransomware hits Banka Ekonomike in Kosovo
April 22, 2020Rewterz Threat Alert – “Customer Complaint” Phishing Pushes Network Hacking Malware
April 23, 2020Rewterz Threat Alert – DopplePaymer Ransomware hits Banka Ekonomike in Kosovo
April 22, 2020Rewterz Threat Alert – “Customer Complaint” Phishing Pushes Network Hacking Malware
April 23, 2020Severity
Medium
Analysis Summary
NanoCore is high-risk trojan, a remote access tool (RAT). In most cases, this malware is proliferated using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with viruses such as NanoCore. The presence of this malware can cause serious issues, since the malware distributor gains remote access to the infected system.
Impact
- Credential theft
- Exposure of sensitive information
Indicators of Compromise
URL
- http[:]//www[.]apexsruveyors[.]com/date/eat[.]png
- https[:]//13pope[.]com/wrd/receipt[.]exe
- https[:]//13pope[.]com/wrd/order_evoucher[.]exe
- http[:]//zeytinyagisabun[.]com/winx22[.]exe
- http[:]//13pope[.]com/wrd/order_evoucher[.]exe
- http[:]//13pope[.]com/wrd/receipt[.]exe
- https[:]//uctscf[.]co[.]za/Invo[.]exe
- https[:]//uctscf[.]co[.]za/Amo[.]exe
- http[:]//gbud[.]webd[.]pl/images/inv[.]exe
- http[:]//217[.]8[.]117[.]60/mh/files/1587057131_crexfexpex[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.