June 12, 2020
Severity
Medium
Analysis Summary
MassLogger is malware written in .NET, designed to steal credentials and act as spyware. It is modular, with a number of modules available for different purposes. Packers are typically used to help evade detection, and anti-debugging techniques are employed to make analysis of MassLogger more difficult. Process injection is used to make the malware fileless, so that it exists only in memory. The variant analysed by G DATA for their report used SMTP to exfiltrate data to a C&C server; it can also be configured to use FTP for data exfiltration.
Impact
Data exfiltration
Indicators of Compromise
SHA-256
Remediation
Block all threat indicators at your respective controls.
Search for IOCs in your environment.
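One way to carry out the IOC search above is a file-hash sweep that compares every file under a path against the advisory's SHA-256 values. This is an added example written for this advisory, not Rewterz or G DATA code; the `IOC_SHA256` set holds a placeholder to be replaced with the hashes from the advisory, and `make_sample_tree()` builds a constructed fixture so the script runs offline.

```python
import hashlib
import os
import tempfile

# Placeholder IOC set: replace with the SHA-256 values listed in the advisory.
# The entry below is a constructed dummy, not a real MassLogger hash.
IOC_SHA256 = {
    "0000000000000000000000000000000000000000000000000000000000000000",
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, iocs=IOC_SHA256):
    """Walk `root` and return [(path, sha256)] for files whose hash is in `iocs`.
    IOCs are normalised to lowercase so copy-pasted upper-case hashes still match."""
    wanted = {h.strip().lower() for h in iocs}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of_file(path)
            except OSError:
                continue  # unreadable or locked file: skip it, do not abort the sweep
            if digest in wanted:
                hits.append((path, digest))
    return hits


def make_sample_tree():
    """Constructed fixture (not real malware): a temp dir with one 'suspect' file
    and one benign file. Returns (root, suspect_path, suspect_sha256)."""
    payload = b"constructed sample, not real malware"
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    suspect = os.path.join(root, "suspect.bin")
    with open(suspect, "wb") as fh:
        fh.write(payload)
    with open(os.path.join(root, "benign.txt"), "wb") as fh:
        fh.write(b"nothing to see here")
    return root, suspect, hashlib.sha256(payload).hexdigest()


if __name__ == "__main__":
    root, suspect, digest = make_sample_tree()
    print(sweep(root, iocs={digest.upper()}))  # [(suspect, digest)]
```

Point `sweep()` at user-writable and temp locations first, since fileless loaders still leave their initial dropper on disk.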