November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Heatstroke Phishing Campaign
September 11, 2019Rewterz Threat Alert – BITTER – Targeted Attack Against Pakistan
September 11, 2019Rewterz Threat Alert – Heatstroke Phishing Campaign
September 11, 2019Rewterz Threat Alert – BITTER – Targeted Attack Against Pakistan
September 11, 2019
Severity
Medium
Analysis Summary
A new Pony Loader campaign that targets potential visitors of the Canton Fair based in Guangzhou, China. The initial infection sources from the following email:
This email contains a compressed .ZIP archive named “ORDER LIST PROPOSAL-REQUEST FOR QUOTATION.zip” that, when decompressed, contains “ORDER LIST PROPOSAL-REQUEST FOR QUOTATION.exe”. This executable is the Pony Loader malware, a common password stealing Trojan that started in 2011 and still continues to operate today.
Impact
Credential theft
Indicators of Compromise
URLs
- acousticallysound[.]com[.]au
- http[:]//acousticallysound[.]com[.]au/include/shit[.]exe
- http[:]//acousticallysound[.]com[.]au/include/gate[.]ph
Filename
- ORDER LIST PROPOSAL-REQUEST FOR QUOTATION.exe
Malware Hash (MD5/SHA1/SH256)
- 0963948E091CB139A49EF88B9E61AFD7
- f2efcdb60c57c42c1e4e23e39d17eaa1
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the link/attachments sent by unknown senders.