Rewterz Threat Advisory – CVE-2021-45617 – NETGEAR Vulnerability
December 31, 2021
What’s Driving The Increase In Demand for Compromised Assessments?
January 3, 2022
Severity
High
Analysis Summary
The Java-based STRRAT malware was discovered in June 2020 by experts at the German cybersecurity firm G Data CyberDefense AG. STRRAT is a Java-based remote access trojan (RAT) that uses numerous plugins to give an attacker full remote access. It can steal login credentials saved in browsers and email clients, log keystrokes, and remotely manipulate compromised Windows operating systems. STRRAT can also be used to imitate a ransomware attack: no files are encrypted; the malware simply appends the .crimson extension to file names and shows a bogus ransom message in Notepad. STRRAT supports the browsers Firefox, Internet Explorer and Chrome and the email clients Foxmail, Outlook and Thunderbird.
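Because the ransomware routine described above renames files rather than encrypting them, responders can confirm this per file before deciding on recovery. The following triage script is an added example, not part of the original advisory: it assumes the extension is appended to the original name (for instance `report.pdf.crimson`), and its function names and signature table are illustrative.

```python
import tempfile
from pathlib import Path

# Assumption: ".crimson" is appended to the original name (report.pdf.crimson),
# so the original extension tells us which magic bytes the content should have.
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
}

def classify(path: Path) -> str:
    """Return 'intact', 'altered' or 'unknown' for one *.crimson file."""
    original_ext = Path(path.stem).suffix.lower()  # report.pdf.crimson -> .pdf
    signatures = MAGIC.get(original_ext)
    if signatures is None:
        return "unknown"  # no signature to compare against (e.g. .txt)
    with path.open("rb") as fh:
        head = fh.read(16)
    return "intact" if head.startswith(signatures) else "altered"

def triage(root: Path) -> dict:
    """Map every *.crimson file under root to its classification."""
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".crimson":
            results[path] = classify(path)
    return results

def restore(path: Path) -> Path:
    """Strip the .crimson suffix; refuse to overwrite an existing file."""
    target = path.with_suffix("")
    if target.exists():
        raise FileExistsError(target)
    return path.rename(target)

if __name__ == "__main__":
    # Constructed sample data, not real victim files.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.pdf.crimson").write_bytes(b"%PDF-1.7\n...")
        (root / "photo.png.crimson").write_bytes(b"\x00" * 32)
        (root / "notes.txt.crimson").write_bytes(b"hello")
        for path, verdict in triage(root).items():
            print(f"{verdict:8} {path.name}")
```

Files reported as `altered` did not keep their expected header and should be handled as real data loss or tampering rather than renamed back.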
Impact
- Unauthorized access
- Information theft
- Exposure of sensitive data
Indicators of Compromise
SHA-256
- d44f98bf2ad71e771d6d92f4340d5b0160c7a15be4a544941a7917da1293f2ed
- e5d19c129485fc022232027105722b56096e23f1a6800e47949ecfaac4f459e1
- 4e973883052470dee63cc6c6858ab5008a6dbce5adef0c4a6a7b5c938a50ae28
- 17a9578b6d8fae823e3be3d463441c0c70ba4cb2f28ad49fa8dc072936f320ec
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.