Rewterz Threat Alert – AsyncRAT – Active IOCs
January 25, 2023
Severity
High
Analysis Summary
First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected computer. The malware is typically distributed through phishing emails or exploit kits. Once it infects a system, it can steal sensitive information, install additional malware, or use the machine to launch further attacks.
Revenge RAT uses various techniques to evade detection and analysis, such as code obfuscation and anti-debugging. It also uses process injection to run its code inside legitimate processes and stay hidden from security software.
Once installed, Revenge RAT establishes a connection to its Command and Control (C&C) server, which lets the attacker remotely control the infected machine and steal sensitive information. The malware can also log keystrokes, capture screenshots, and record audio and video. Revenge RAT can propagate to other machines on the same network by exploiting known vulnerabilities or weak passwords.
To protect against Revenge RAT, keep software and operating systems up to date, be cautious when opening emails or clicking links from unknown sources, and use security software that can detect and remove RATs. Additionally, using a firewall, disabling unnecessary services and ports, and keeping your network segmented can help prevent the spread of malware.
Impact
- Unauthorized Access
- Information Theft
Indicators of Compromise
MD5
- f898e240cdab196a4a4045a9475e1641
- f4643cf8adf5282cb4524b6ad7b51ba3
- 7310548654a0e1bd553ae65d58701160
SHA-256
- 4dd82c8cfe6e1bd52dc523ba8bb6bb1891f95fcc7187e4f4817400eb3547cda9
- 59ad72ed3eb96e46f75650a659538a737e745399556d96dabeeb4de129805186
- e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61
SHA-1
- e4868eac22f6dda6160da5aa9929b5c732ce74f6
- 7478c4e07b54309cbf8324549d2880cc2a996dfc
- 792c541411b7ab41ad6caa4df4676fa8006edebc
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Do not download documents attached to emails from unknown sources, and strictly refrain from enabling macros when the source is not reliable.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade platforms and software promptly, and make this a standard security policy.
- Enforce access management policies.
- Along with network and system hardening, implement code hardening within the organization so that its websites and software are secure. Use testing tools to detect vulnerabilities in deployed code.