November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – CryptBot Trojan – Active IOCs
January 2, 2023Rewterz Threat Alert – GandCrab Ransomware – Active IOCs
January 2, 2023Rewterz Threat Alert – CryptBot Trojan – Active IOCs
January 2, 2023Rewterz Threat Alert – GandCrab Ransomware – Active IOCs
January 2, 2023
Severity
High
Analysis Summary
Meterpreter – a trojan-type program – enables attackers to take control of affected machines remotely. This malware injects itself into compromised processes rather than creating new ones. Meterpreter can be utilize to send and receive files, launch executable files, perform command shell operations, capture screenshots, and record keystrokes. The main objective of its distribution is either to generate revenue or infect devices with additional malware. Infected email attachments, malicious online advertisements, and social engineering are some of its distribution methods. Threat actors can infect victims’ systems with more malware, such as ransomware, by sending, receiving, and executing files using Meterpreter. Ransomware encrypts data, making it impossible for victims to use or access it unless they acquire decryption tools from the program’s creators. Identity theft, banking information, and password theft are the main impact of this trojan.
Impact
- Information Theft
- File Encryption
Indicators of Compromise
MD5
- 365342f8883f5b865f1aabeec9f652b8
- 7a0151a72581e590799407d387a7d96a
SHA-256
- 56ffb6689642f5d25968398446c39ff3bd3fab8afaf319aa3893ff6320cd1f4e
- b453f1da208afbdd85aa53d2c707b02f9342485f32de9a171419347743c90cd9
SHA-1
- 43faf3cd7d209a5503a2da9e5ee8bbffce9b1225
- d2fcd34cb76af2e8f1a5638e99fde039c0a0efa7
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at your respective controls.