June 19, 2020
Severity
Medium
Analysis Summary
Security researchers have uncovered a new sample of Android malware called Raddex that targets Arabic speakers and is reportedly linked to GoldenRat (also known as APT27 or APT-C-37). The threat actor aims to gain superuser access to the device. Raddex is also categorized as spyware: it collects sensitive information from the device and sends it to a C2 server.
Impact
- Device takeover
- Exposure of sensitive information
Indicators of Compromise
Hostname
- 295[.]yao[.]cl
MD5
- 4ae13489e22c79cc794d59ff74cb1aee
- b91491c2525b4a578a88b7a13df679aa
- 389c20a9a4a4aada461535ad22e0dc2a
- 006ead0cabf1312dbce67ed42d524bfc
- 1f9e92fdc5bdb2467dd2e1015304bed5
SHA-256
- 4ddc1325ac72ceaca843b017b7b68ef54b9c63757fb72c38738b076353e0ee25
- 29c5c3c15c5cb2a8f9e87d6732bc138d9ef570de745d6193cb7acf684368aef5
- 434ccfbc3780a3c76fb5cc02a1a681a3388ca9760de7b7ac17c0f3ccb55b24a5
- f416b7c6e390aab28f9f19839ece94c748cf0957eb94eb0dfd9b12ce6e301cde
- d4b69105a02386a4c1f11d9b14f75f9a115bcfe54548cffcc271cb3f7630fc78
SHA-1
- 33974523679d0eef019e764cf72966a2656080e1
- eb9462fd6d1db3a9c552e64657f618a01dc1c094
- 0d0668f0da2d24fed3a58eba486983637e7ca7a7
- 6e74b2e814977bb04071ac6e9def70c37bcd55cc
- bc682a8bc6ea8550a9c6286a7011ed8a87396723
Source IP
- 94[.]177[.]251[.]146
- 205[.]251[.]145[.]29
Remediation
- Block the threat indicators at respective controls.
- Grant app permissions with care; review what each app requests before approving it.
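To show what "block the threat indicators at respective controls" looks like in practice, here is an added example (not Rewterz's own tooling): it refangs the indicators listed above, normalises hashes, and matches them against a handful of constructed DNS, proxy and endpoint log lines. The indicator values are copied from this alert; the log format and the sample lines are assumptions made for the demonstration.

```python
"""Match the Raddex indicators from this alert against sample log lines.

Added example, not Rewterz's own tooling. The indicator values are copied
from the alert above; the log lines are constructed for the demonstration.
"""
import re

# Indicators as published above, defanged with "[.]".
DEFANGED_HOSTNAMES = ["295[.]yao[.]cl"]
DEFANGED_IPS = ["94[.]177[.]251[.]146", "205[.]251[.]145[.]29"]
MD5S = {
    "4ae13489e22c79cc794d59ff74cb1aee",
    "b91491c2525b4a578a88b7a13df679aa",
    "389c20a9a4a4aada461535ad22e0dc2a",
    "006ead0cabf1312dbce67ed42d524bfc",
    "1f9e92fdc5bdb2467dd2e1015304bed5",
}
SHA256S = {
    "4ddc1325ac72ceaca843b017b7b68ef54b9c63757fb72c38738b076353e0ee25",
    "29c5c3c15c5cb2a8f9e87d6732bc138d9ef570de745d6193cb7acf684368aef5",
    "434ccfbc3780a3c76fb5cc02a1a681a3388ca9760de7b7ac17c0f3ccb55b24a5",
    "f416b7c6e390aab28f9f19839ece94c748cf0957eb94eb0dfd9b12ce6e301cde",
    "d4b69105a02386a4c1f11d9b14f75f9a115bcfe54548cffcc271cb3f7630fc78",
}
SHA1S = {
    "33974523679d0eef019e764cf72966a2656080e1",
    "eb9462fd6d1db3a9c552e64657f618a01dc1c094",
    "0d0668f0da2d24fed3a58eba486983637e7ca7a7",
    "6e74b2e814977bb04071ac6e9def70c37bcd55cc",
    "bc682a8bc6ea8550a9c6286a7011ed8a87396723",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as '295[.]yao[.]cl' back into its live form."""
    return indicator.replace("[.]", ".")


def defang(indicator: str) -> str:
    """Inverse of refang, for writing indicators back into a report safely."""
    return indicator.replace(".", "[.]")


# Live-form lookup sets; hashes are normalised to lowercase once here.
HOSTNAMES = {refang(h).lower() for h in DEFANGED_HOSTNAMES}
IPS = {refang(i) for i in DEFANGED_IPS}
HASHES = {h.lower() for h in MD5S | SHA1S | SHA256S}
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}

# Token extractors. Longest hash length is tried first so a SHA-256 is not
# cut down to its first 32 characters and mistaken for an MD5.
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def scan_line(line: str) -> list[tuple[str, str]]:
    """Return (kind, value) for every alert indicator present in one log line."""
    hits = []
    for m in HASH_RE.finditer(line):
        value = m.group(0).lower()  # hashes in logs may be upper- or lowercase
        if value in HASHES:
            hits.append((HASH_KIND[len(value)], value))
    for m in IPV4_RE.finditer(line):
        if m.group(0) in IPS:
            hits.append(("ip", m.group(0)))
    for m in HOST_RE.finditer(line):
        value = m.group(0).lower()
        if value in HOSTNAMES:
            hits.append(("hostname", value))
    return hits


def scan_log(lines: list[str]) -> dict[int, list[tuple[str, str]]]:
    """Map line index -> hits, keeping only the lines that matched something."""
    return {i: hits for i, line in enumerate(lines) if (hits := scan_line(line))}


# Constructed sample telemetry (not real data): DNS, proxy and endpoint events.
SAMPLE_LOG = [
    "2020-06-19T10:02:11Z dns query[A] 295.yao.cl from 10.0.0.23",
    "2020-06-19T10:02:12Z proxy CONNECT 94.177.251.146:443 client=10.0.0.23",
    "2020-06-19T10:03:40Z edr file_create path=/sdcard/Download/update.apk "
    "sha256=4ddc1325ac72ceaca843b017b7b68ef54b9c63757fb72c38738b076353e0ee25",
    "2020-06-19T10:04:02Z edr file_create path=/sdcard/Download/lib.so "
    "sha1=33974523679D0EEF019E764CF72966A2656080E1",
    "2020-06-19T10:05:00Z dns query[A] example.com from 10.0.0.24",
    "2020-06-19T10:06:00Z edr file_create path=/tmp/notes.txt md5=d41d8cd98f00b204e9800998ecf8427e",
]

if __name__ == "__main__":
    for idx, hits in scan_log(SAMPLE_LOG).items():
        for kind, value in hits:
            print(f"line {idx}: {kind} match {defang(value)}")
```

The same lookup sets feed a blocklist for DNS, proxy or EDR controls; keeping the published defanged form as the source of truth and refanging only at load time avoids copy-and-paste errors when the indicators are pushed to a live control.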