Rewterz Threat Advisory – Google Chrome Affected By Magellan 2.0 Flaws
December 30, 2019Rewterz Threat Alert – Malspam Pushes the Information Stealer ‘Lampion’
December 30, 2019Rewterz Threat Advisory – Google Chrome Affected By Magellan 2.0 Flaws
December 30, 2019Rewterz Threat Alert – Malspam Pushes the Information Stealer ‘Lampion’
December 30, 2019Severity
High
Analysis Summary
A malspam campaign is spreading the predator malware via malicious documents and URLs. The “Predator the Thief” stealer is capable of stealing stored passwords, cookies, credit card information, and crypto wallets and sending the data back to its C2 server. C2 domains associated with this campaign are given below.
Impact
- Exposure of sensitive information
- Credential Theft
- Financial Loss
Indicators of Compromise
Domain Name
- grsme[.]info
- yoursmb[.]info
MD5
b05745fd160410d8067766b8ed2c19ce
SHA-256
c7764105809a4a01c9a3e9a3fcc8b208f4a78903b3508a17d60cfbb789c4d4bc
SHA1
c0b4e6233e40f4c3c9120fdec11a1cd70b74ae18
Source IP
92[.]63[.]197[.]238
URL
- http[:]//grsme[.]info/FruhT[.]com
- http[:]//yoursmb[.]info/api/check[.]get
- http[:]//yoursmb[.]info/api/gate[.]get?p1=2&p2=15&p3=0&p4=0&p5=0&p6=0&p7=0&p8=0&p9=2&p10=sZf0AvMFuI
- N2IGKyxUgAfZrJWd5eBvZWFIpR
- http[:]//grsme[.]info/sRera[.]com
- http[:]//grsme[.]info/tjGw[.]com
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in emails coming from unknown sources.
- Do not visit URLs attached with untrusted emails.
- Do not enable macros for files accidentally downloaded when you visit a URL.