
Rewterz Threat Alert – TroyStealer Malware

June 16, 2020

Severity

Medium

Analysis Summary

Researchers have observed a new information-stealing Trojan, TroyStealer, in the wild. Its purpose is to gather login credentials such as usernames and passwords and to log keystrokes, then send the collected data to another system by email. As with other Trojans, infection typically begins with a phishing email claiming an issue with a bank account, promising some intriguing information, or using a similar curiosity-based lure. The email carries an attachment which, when executed, performs the information-stealing activity. The malware injects itself into a running process and begins collecting information. It reads several INI files, deletes files of certain other types, and enumerates installed security products, the OS version, and registry keys. Finally, it validates that an Internet connection is available by contacting a speed-test website. If a connection is present, the malware authenticates to an email server over SMTP and sends the harvested information.

Impact

  • Information theft
  • Exposure of sensitive data

Indicators of Compromise

MD5

DAB6194F16CEFDB400E3FB6C11A76861

SHA-256

7c3289cdc59a8cf32feac66069d09c48a930d4665f740968521adaf870172644

SHA-1

C76A9FB1A2AE927BF9C950338BE5B391FED29CD7

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
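The behaviour chain in the analysis summary (a speed-test connectivity check followed by an SMTP session from a process that is not a mail client) and the "block all threat indicators" remediation both lend themselves to simple detection logic. The following is an added example, not code from Rewterz or from the advisory: it runs a sequence check over constructed endpoint connection logs and matches file hashes against the advisory's IoCs. The log format, the five-minute window and the mail-client allow-list are assumptions for illustration.

```python
from datetime import datetime, timedelta

# IoC hashes quoted from the advisory, lower-cased for comparison
TROYSTEALER_HASHES = {
    "dab6194f16cefdb400e3fb6c11a76861",
    "7c3289cdc59a8cf32feac66069d09c48a930d4665f740968521adaf870172644",
    "c76a9fb1a2ae927bf9c950338be5b391fed29cd7",
}
SMTP_PORTS = {25, 465, 587}
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed site allow-list
WINDOW = timedelta(minutes=5)  # assumed maximum gap between check and SMTP


def is_speedtest_domain(domain):
    return "speedtest" in domain.lower()


def parse_line(line):
    # Assumed log format: "timestamp|host|process|dest_domain|dest_port"
    ts, host, proc, dom, port = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "proc": proc.lower(), "domain": dom, "port": int(port)}


def detect_exfil_chain(lines):
    """Return (host, process) pairs where a speed-test lookup is followed
    within WINDOW by SMTP from a non-mail-client process on the same host."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    last_check = {}  # host -> timestamp of the most recent speed-test lookup
    hits = []
    for e in events:
        if is_speedtest_domain(e["domain"]):
            last_check[e["host"]] = e["ts"]
        elif e["port"] in SMTP_PORTS and e["proc"] not in KNOWN_MAIL_CLIENTS:
            seen = last_check.get(e["host"])
            if seen is not None and e["ts"] - seen <= WINDOW:
                hits.append((e["host"], e["proc"]))
    return hits


def matches_ioc(file_hash):
    """True if an MD5, SHA-1 or SHA-256 string matches the advisory's IoCs."""
    return file_hash.lower() in TROYSTEALER_HASHES


# Constructed sample log lines, not real telemetry
SAMPLE_LOG = """\
2020-06-16T10:00:01|WS-01|chrome.exe|www.speedtest.net|443
2020-06-16T10:00:04|WS-01|outlook.exe|smtp.corp.example|587
2020-06-16T10:05:10|WS-07|explorer.exe|www.speedtest.net|443
2020-06-16T10:05:42|WS-07|explorer.exe|smtp.mail-provider.example|587
2020-06-16T11:30:00|WS-09|svchost.exe|smtp.mail-provider.example|25
""".splitlines()

if __name__ == "__main__":
    print(detect_exfil_chain(SAMPLE_LOG))  # [('WS-07', 'explorer.exe')]
```

Only WS-07 is flagged: WS-01's SMTP comes from an allow-listed mail client and WS-09's SMTP has no preceding connectivity check.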