
Rewterz Threat Alert – TrickBot Group Launches Test Module Alerting on Fraud Activity

July 14, 2020

Severity

High

Analysis Summary

Researchers have analyzed a new TrickBot module that appears to have still been in development and was unintentionally deployed in the wild. The module, named “grabber.dll,” was discovered being loaded by a TrickBot sample with the gtag “chil48.” The module version was listed as 0.6.8, and its purpose appears to be stealing browser data such as stored passwords and cookies. Strangely, when loaded, the module opens a browser window that displays a warning message about the stealing activity taking place. The researchers hypothesize that this is likely a test module that was not supposed to be distributed to victims. Furthermore, it may indicate that legitimate developers are being hired to write part of the code under the ruse of developing anti-malware software. They also noted that another module associated with this sample was discovered, “socksbot.dll,” which handles SOCKS5 proxy activity.


Impact

  • Information theft
  • Exposure of sensitive data

Indicators of Compromise

MD5

  • 57103CAE44BA3FA21804EBC9BF702B1F
  • 382A62908E86BB1F333EC99B17A38930
  • 4BE2C925E06F6CABB3D3761B8D3A3D11

SHA-256

  • 38828f9550533168b66b455b31924b06e89ce368b463738f92facff0f84ef261
  • 06c0a7b860eb2e562c8704ae0c362d7aba902cd94f80a183eda1444c4f78984f
  • 2a1ce52e596fc8d8ca40b978302eba722e2ce013dd7c604a5d8de855130d420b

SHA1

  • 6068d2d536a19a5b160d9d037959f6ff5e418a3c
  • c14d8427bfac708ea611b7b631055cee8deaca1b
  • 5da253bb3c7b8c19f871a7fd2576affc5ad8c4a2

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
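The following script is an added example, not part of the Rewterz advisory, showing one way to carry out the "search for IOCs in your environment" step on a host: it walks a directory tree, computes MD5, SHA1 and SHA-256 of every regular file, and reports any file whose digest appears in the advisory's hash list. The hash values are the ones listed above; the directory to scan, the chunk size and the function names are assumptions of this example. Comparison is case-insensitive, since the advisory lists MD5 values in uppercase and tooling usually emits lowercase hex.

```python
import hashlib
import os
import sys
from pathlib import Path

# IOC hashes copied from the advisory above, normalised to lowercase hex.
ADVISORY_IOCS = {
    "md5": {h.lower() for h in (
        "57103CAE44BA3FA21804EBC9BF702B1F",
        "382A62908E86BB1F333EC99B17A38930",
        "4BE2C925E06F6CABB3D3761B8D3A3D11",
    )},
    "sha1": {
        "6068d2d536a19a5b160d9d037959f6ff5e418a3c",
        "c14d8427bfac708ea611b7b631055cee8deaca1b",
        "5da253bb3c7b8c19f871a7fd2576affc5ad8c4a2",
    },
    "sha256": {
        "38828f9550533168b66b455b31924b06e89ce368b463738f92facff0f84ef261",
        "06c0a7b860eb2e562c8704ae0c362d7aba902cd94f80a183eda1444c4f78984f",
        "2a1ce52e596fc8d8ca40b978302eba722e2ce013dd7c604a5d8de855130d420b",
    },
}

CHUNK = 1 << 20  # read in 1 MiB chunks so large files do not exhaust memory (assumed size)


def hash_file(path):
    """Return {'md5', 'sha1', 'sha256'} lowercase hex digests of one file, read once."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_hashes(hashes, iocs=ADVISORY_IOCS):
    """Return [(algorithm, digest)] for every digest in `hashes` present in `iocs`.

    `iocs` maps algorithm name to a set of lowercase hex digests."""
    return [
        (algo, value)
        for algo, value in hashes.items()
        if value.lower() in iocs.get(algo, set())
    ]


def scan_directory(root, iocs=ADVISORY_IOCS):
    """Walk `root` and return [(path, [(algorithm, digest), ...])] for matching files.

    Symlinks are skipped so the walk stays inside the tree; unreadable files
    (permission denied, removed mid-scan) are skipped rather than aborting the scan."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink():
                continue
            try:
                hashes = hash_file(path)
            except OSError:
                continue
            matched = match_hashes(hashes, iocs)
            if matched:
                hits.append((str(path), matched))
    return hits


if __name__ == "__main__":
    # Usage: python ioc_scan.py /path/to/scan   (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matched in scan_directory(target):
        for algo, value in matched:
            print(f"MATCH {algo} {value} {path}")
```

Each file is read once and fed to all three digests in the same pass, so the cost of checking three hash types is the same as checking one. A file-hash hit is only a starting point: a match should be followed by isolating the host and collecting the sample for the incident analysis steps the advisory's Respond services describe, since file hashes change trivially between TrickBot builds.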