
Rewterz Threat Alert – New Android Malware – Active IOCs

April 6, 2022

Severity

High

Analysis Summary

A gear-shaped icon is displayed for the application on the Android device.

After execution, a “permission granted” notice appears on the screen, and the process manager continues to run in the background. The application requests 18 permissions in total:

  1. ACCESS_COARSE_LOCATION – Access to the approximate phone location.
  2. ACCESS_FINE_LOCATION – Access to the precise, GPS-based location.
  3. ACCESS_NETWORK_STATE – View the status of all networks.
  4. ACCESS_WIFI_STATE – View Wi-Fi information.
  5. CAMERA – Take pictures and videos with the camera.
  6. FOREGROUND_SERVICE – Allows the app to run a foreground service.
  7. INTERNET – Allows the app to open network sockets.
  8. MODIFY_AUDIO_SETTINGS – Allows the app to modify audio settings.
  9. READ_CALL_LOG – Allows the app to read the telephone call log.
  10. READ_CONTACTS – Allows the app to read contact information.
  11. READ_EXTERNAL_STORAGE – Allows the app to read from external storage.
  12. WRITE_EXTERNAL_STORAGE – Allows the app to write to the memory card.
  13. READ_PHONE_STATE – Allows the app to read the phone status and its identifiers.
  14. READ_SMS – Allows the app to read SMS messages stored on the SIM card.
  15. RECEIVE_BOOT_COMPLETED – Allows the app to start when the device is turned on.
  16. RECORD_AUDIO – Access to the audio recorder.
  17. SEND_SMS – Allows the app to send SMS messages.
  18. WAKE_LOCK – Prevents the device from sleeping/locking.
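As an added triage aid (not part of the original advisory), the following script compares the `<uses-permission>` entries of a decoded AndroidManifest.xml against the 18-permission profile listed above and flags manifests that combine several surveillance-style capabilities (SMS, audio, camera, location, contacts/calls, boot persistence). The sample manifest, the capability grouping and the threshold of four groups are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# The 18 permissions listed in the advisory.
ADVISORY_PERMISSIONS = frozenset(P + n for n in (
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "ACCESS_NETWORK_STATE",
    "ACCESS_WIFI_STATE", "CAMERA", "FOREGROUND_SERVICE", "INTERNET",
    "MODIFY_AUDIO_SETTINGS", "READ_CALL_LOG", "READ_CONTACTS", "READ_EXTERNAL_STORAGE",
    "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE", "READ_SMS", "RECEIVE_BOOT_COMPLETED",
    "RECORD_AUDIO", "SEND_SMS", "WAKE_LOCK"))

# Surveillance-style capability groups (assumed grouping); a group counts if any member is requested.
CAPABILITY_GROUPS = {
    "sms": {P + "READ_SMS", P + "SEND_SMS"},
    "audio": {P + "RECORD_AUDIO"},
    "camera": {P + "CAMERA"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "contacts_calls": {P + "READ_CONTACTS", P + "READ_CALL_LOG"},
    "persistence": {P + "RECEIVE_BOOT_COMPLETED"},
}

def requested_permissions(manifest_xml: str) -> set:
    """Return the android:name of every <uses-permission> element in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def triage(manifest_xml: str, min_groups: int = 4) -> dict:
    """Report overlap with the advisory's permission set and the capability groups hit."""
    perms = requested_permissions(manifest_xml)
    groups = sorted(g for g, members in CAPABILITY_GROUPS.items() if perms & members)
    return {
        "advisory_overlap": len(perms & ADVISORY_PERMISSIONS),
        "capability_groups": groups,
        "suspicious": len(groups) >= min_groups,  # threshold is an assumption, tune per environment
    }

# Constructed sample manifest (not taken from a real sample) with a spyware-like permission set.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Run it against a manifest decoded from an APK (for example with apktool) to get a quick first-pass signal before deeper analysis.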

Impact

  • Information Theft
  • Performance Degradation
  • Misuse of Data
  • Financial Loss

Indicators of Compromise

Email

  • akankdev2017@gmail[.]com

IP

  • 82[.]146[.]35[.]240

MD5

  • 4f5617ec4668e3406f9bd82dfcf6df6b

SHA-256

  • e0eacd72afe39de3b327a164f9c69a78c9c0f672d3ad202271772d816db4fad8

SHA-1

  • 45eed0d3f6dc143bcfa19f593523ee07683ca66d

URL

  • https[:]//videos-share-rozdhan[.]firebaseio[.]com/
  • http[:]//ylink[.]cc/fqCV3
  • http[:]//d3hdbjtb1686tn[.]cloudfront[.]net/gpsdk[.]html
  • http[:]//da[.]anythinktech[.]com/

Remediation

  • Use a mobile EDR (mobile endpoint detection and response) solution.
  • Use a reputable password manager app.
  • Use an authenticator app (e.g., Google Authenticator or Microsoft Authenticator).
  • For extra security, get a physical authenticator key such as a YubiKey that can be used on both phone and laptop.
  • Switch to an uncommon but safe web browser.
  • Do not use the Outlook mail client or any email client built into your OS; switch to an uncommon but reputable and secure email client.
  • Ensure that all your devices and logins are stored in your password manager, and use its password generator.
  • Ensure all your logins are connected to your authenticator app/device.
  • Your anti-virus software should be enabled to lock and erase your device if it is stolen.
  • Use SecureDrop for document sharing, etc.
  • Only open links from known and trusted contacts and sources when using your device.
  • Make sure your device is updated with all relevant patches and upgrades.
  • Avoid public and free Wi-Fi services (including hotels), especially when accessing sensitive information.
  • Do not blindly approve app permission requests.
  • Review app permissions regularly.
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.