Rewterz Threat Alert – Anchor Malware Targets Point-of-Sale Infrastructure
January 7, 2020Rewterz Threat Alert – 3rd Party Tools and Windows 10 Apps Killed by Clop Ransomware
January 8, 2020Rewterz Threat Alert – Anchor Malware Targets Point-of-Sale Infrastructure
January 7, 2020Rewterz Threat Alert – 3rd Party Tools and Windows 10 Apps Killed by Clop Ransomware
January 8, 2020Severity
High
Analysis Summary
Sodinokibi ransomware was found infecting systems via Microsoft Office documents. After encryption, the following ransom note is found on infected systems.
The ransomware demands a ransom of $850k or $1.7m for decrypting the files on target system, as below.
Impact
- Files Encryption
- Information Disclosure
Indicators of Compromise
MD5
- 4903f3effb98da65c49bb9591c16615d
- 3ad4c27f8d0e7135f401474811bd9b25
- 853ab7bdeecf03306178f4af40eff694
- b4fe61c29e23014fdab44ad0d8df1d2d
- 395015986431f15f5bfd25aa1966ccb0
- 27c8b1cb19c4f6df337dff38ab1f3592
- 85de4dc5e49dbafcf3da67434f013733
- a63cdd7c9362540da0fc61db193f9a93
- 6a85fe97ccaa29d09e5df824d4eaad59
- 8b24ea434d60f99e1ff50810fb8d28da
- d8e850611733076fc9d523b586e76ff7
- f45b3caa097afbdd50358ede4042a88f
- 6640d80b412edfbdd836a5c3808a7748
- 722e15d85827d3ac13e56e8108688012
- 9d78f811a13af1cee9ee635a9dd3f10a
- 1ebf922138d1d821c11bac32b63d3b2d
- c932f03098bcfea3f7a6c7bf11c0d653
- 6bf8720c0741f11219f38e747392b73e
- c37804708ee284575f87bd0e365be9d9
- 3846bbbb0efc50218aedd4a4ef3d877a
- f7f3fd2b59b0979bb7c8265122547f9a
- b64f01f8a72ec9c9670909b4ce1a9b4f
- c12c84d72868e4c4be6af913d62da2bb
- 4fe625f696602d23e0c1129ee8c609c9
- 579ebea24bc90cf01b7ba3e6c376f06b
- 6df070be3d54fb2f6eb4ac1a3415857b
SHA-256
- 42996516b6604ba136ff909d9b59d2a676a72eaafa30c729cdfaddd96b20fc83
- 2011f4ed15d6ad002670fdfe8fffc2fbd7cff4c8e7bd9d16746f9884a79a24b1
- 5cb49636a0d759cf24bd19ce17003a62f1e8d4d076844b9110af8b9172413508
- 12bb06bc5da9d7f24634bb37a809ad69896c2eb47b7957846124fe09fbf573bf
- 0e468c960706b3f4181f54a35650b8edbd0960785dda89a72cdd1e5d600f188b
- 9a253acfa25c1feefe603a9b8060d997c34aa110f0d1811005eb1f5ca28d2795
- 7549bc8a7c896dae3f1026dfeeba7d4e0990b896e8715cef55f88763b2aa3908
- ba68f6b7d0be7f6abcbd6679627ed61fac0d0044f05ddbca38b564f1b27bef48
- c678c05b05790006e56a25659eaa97520f426c6b2bbd7ccfb3ea30cc46d672f9
- 5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2
- b7e7878b4f87f1b29fb3c7002d90196c69bffe1eb70ae08d2563b79e1bc41a06
- 9106117da853d8baa45ff6fdbf1ceada81dd4c2ce896787e445170a8d8c13148
- a4b205d9ebfe4b6b08f4ead27a79aea247215df4463f9e95c9cfe1db7b30b02a
- 578e1b00157447f99716b646af6b0c33d0f6c32257a19376d6cc9d003ff0fba1
- b7b136e1efb27c05f80163b6ba73575b4430d7326b07cb629d23794f0049c1a6
- 68a35bd6540394cd28a8c8271dbf2befc4a839aa53d1ba28f9ed81f411a09c01
- 515e79a2813ecc480d47480275b18426e281d77488ac2dce669f00dc41d4b6ce
- 1e1589de70ea7ebad976aa1c1ebdb32e0695ee268aa5f7f8ac834ed3960a4803
- d6a0b7812b3ee8fbf81d40db94094facc25645689f4109e5d7983e8cb49990ec
- 4c15a0bfdc8af00dd509aa990c2d7926ee7c714da88a767ee7f4e5276094de6d
- bb7707d5672a409d7b69356ca1f2ed947bc5c76a683431c8b636e60845fa17ed
- 4d7bb7fc137d4e4db98835612daa8e4f36b365dad71bd5c763521d7e8a29915a
- f4e2cf1a788a104226e6c577ad19c8570624371f8563a3ec0e9cb43501c18665
- 9bc861c341955bbbb8ac281b7195ee238b068981b7212375c93e6e4cd5ff2a04
- 830a8208fe916dabfc1ee63c3e889d8277fbae954a9b00d64b2c920e1d9a2536
- a49fe8df263baded151476232daafd20122f7a66325c2fc6395c965296a8d746
Remediation
- Block the threat indicators at their respective controls.
- Do not download files from random sources on the internet.
- Do not download files attached in emails coming from untrusted sources.