Rewterz Threat Alert – MSBuild to Deliver RATs Filelessly – Active IOCs
May 18, 2021
Severity
Medium
Analysis Summary
NanoCore is a remote access tool (RAT). In most cases, this malware is distributed through spam email campaigns: criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with malware such as NanoCore. The presence of this malware can result in data exfiltration, since the malware distributor gains remote access to the infected system. The malware is also capable of disabling some tools and stealing credentials and sensitive information.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
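One way to carry out the "Search for IOCs" step for file-hash indicators, as an added example that is not Rewterz code: it loads a mixed MD5/SHA-1/SHA-256 indicator list, hashes every file under a directory once, and reports matches. The function names and the sample files in `demo()` are constructed for illustration; real indicator values come from the alert's IOC list.

```python
import hashlib
import os
import tempfile

# Hex digest length -> algorithm, so a mixed MD5/SHA-1/SHA-256 list loads as-is.
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def load_iocs(lines):
    """Normalise raw indicator lines into {algorithm: set(hex digests)}."""
    iocs = {name: set() for name in ALGO_BY_LEN.values()}
    for raw in lines:
        value = raw.strip("- \t\r\n").lower()  # drop list bullets and whitespace
        algo = ALGO_BY_LEN.get(len(value))
        if algo and set(value) <= set("0123456789abcdef"):
            iocs[algo].add(value)
    return iocs

def digest_file(path, chunk=1 << 20):
    """Read the file once and feed all three hashers; returns {algorithm: hex}."""
    hashers = {name: hashlib.new(name) for name in ALGO_BY_LEN.values()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def sweep(root, iocs):
    """Return sorted (path, algorithm, digest) hits; unreadable files are skipped."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                digests = digest_file(path)
            except OSError:
                continue  # locked or unreadable file; log it in a real sweep
            hits += [(path, a, d) for a, d in digests.items() if d in iocs[a]]
    return sorted(hits)

def demo():
    """Constructed data: a harmless file whose own SHA-256 stands in for an indicator."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("invoice.bin", b"constructed sample"), ("notes.txt", b"clean")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        feed = ["- " + hashlib.sha256(b"constructed sample").hexdigest().upper(), "not-a-hash"]
        return [(os.path.basename(p), a) for p, a, _ in sweep(root, load_iocs(feed))]

if __name__ == "__main__":
    print(demo())
```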