Rewterz Threat Alert – Malicious Cyber Activity in an Enterprise Network
October 1, 2020Rewterz Threat Alert – Dridex Banking Trojan – IoCs
October 1, 2020Rewterz Threat Alert – Malicious Cyber Activity in an Enterprise Network
October 1, 2020Rewterz Threat Alert – Dridex Banking Trojan – IoCs
October 1, 2020Severity
High
Analysis Summary
NanoCore is high-risk trojan, a remote access tool (RAT). In most cases, this malware is proliferated using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with viruses such as NanoCore. The presence of this malware can cause serious issues, since the malware distributor gains remote access to the infected system.
Impact
- Credential theft
- Exposure of sensitive information
Indicators of Compromise
URL
- http[:]//admindepartment[.]ir/notepaq/bknu[.]exe
- http[:]//5[.]135[.]73[.]86/zero[.]exe
- http[:]//35[.]157[.]92[.]120/nass[.]exe
- http[:]//5[.]135[.]73[.]120/zero[.]exe
- https[:]//vwl0ka[.]bn[.]files[.]1drv[.]com/y4mRiCSo8-5MIgge9SHqjjrlvOUo4lZm9X3aMjoB8jwHDw7gTeoUD4j33TXGb2pJwHZsd59RXxGpClZ4WZrntjGmOMGB2sWMrZBtmYbP5kRfqmnlb_nTpBmBfyyuwaRcLrSExxRMC9AR9QJ23jrOq5E1bEg_9rb5EpjHYF_x_5fZfIHnDuuGgV5rXGR7HOY8B6HNkb5dxx-BeVQ-KPh96kxA/Pago%20reporte[.]pdf[.]zip?download&psid=1
- https[:]//huh[.]canto[.]com/rest/share/album/LO5OM/rest/binary/other/plehtpdqal747842kiuc2v4272/download
- https[:]//qh6ohq[.]am[.]files[.]1drv[.]com/y4mKvN4YtqicreVRmeKrzj3O7LBsBy0CqClbnUsreVobuTViiFjVjwiUrWxy3XVDjd8jjR6fdsVtjH4w63lubG7EaOhre5KB6XRrca4trVo5yhUx9BxQCTzdoeLh3VHlnji5fvBXyhLjDkDpH4LwF8hxAuKaoLqLqbmEB5OdBmeLjEGnhmR9wulombFzBTFsBiaFM3qqFJiYKKxXuAPMSkQ/SWIFT%20COPY[.]z?download&psid=1
- https[:]//greenhillsrishikesh[.]com/nel[.]exe
- https[:]//s3[.]rokket[.]space/t_fr7OUh[.]txt
- http[:]//cdn[.]discordapp[.]com/attachments/600109736821784578/638103447845077082/svchost[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.