• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Dridex Banking Trojan – IoCs
October 1, 2020
Rewterz Threat Alert – PayPal Squatting Campaign – IoCs
October 2, 2020

Rewterz Threat Alert – SLOTHFULMEDIA RAT Used to Target Organizations in Multiple Countries

October 2, 2020

Severity

High

Analysis Summary

An unspecified “sophisticated cyber actor” is found using malware to launch cyberattacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine. The malware dubbed “SlothfulMedia,” is an information-stealer capable of logging keystrokes of victims and modifying files, according to an analysis. 
The sample is a dropper, which deploys two files when executed. The first is a remote access tool (RAT) named ‘mediaplayer.exe’’, which is designed for command and control (C2) of victim computer systems. Analysis has determined the RAT has the ability to terminate processes, run arbitrary commands, take screen shots, modify the registry, and modify files on victim machines. It appears to communicate with its C2 controller via Hypertext Transfer Protocol (HTTP) over Transmission Control Protocol (TCP). The second file has a random five-character name and deletes the dropper once the RAT has persistence. Persistence is achieved through the creation of a service named “Task Frame”, which ensures the RAT is loaded after a reboot.

Impact

  • Information Theft
  • Unauthorized Remote Access
  • Data Manipulation
  • Credential Theft

Indicators of Compromise

Domain Name

  • sdvro[.]net

MD5

  • 448838b2a60484ee78c2198f2c0c9c85
  • 9f23bd89694b66d8a67bb18434da4ee8
  • 92a40c64cea4a87de1c24437612f2e0f

SHA-256

  • 64d78eec46c9ddd4b9a366de62ba0f2813267dc4393bc79e4c9a51a9bb7e6273
  • 927d945476191a3523884f4c0784fb71c16b7738bd7f2abd1e3a198af403f0ae
  • 4186b5beb576aa611b84cbe95781c9dccca6762f260ac7a48f6727840fc057fa

SHA1

  • f2c43a01cabaa694228f5354ea8c6bcf3b7a49b3
  • db8c6ea90b1be5aa560bfbe5a34577eb284243af
  • f52f0685a72d6a8f3e119ce92b7cf1c2c6a83bb9

Remediation

  • Block the threat indicators at their respective controls.
  • Maintain up-to-date antivirus signatures and engines.
  • Keep all systems and software patched against all known vulnerabilities.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.