Severity
Medium
Analysis Summary
Researchers have observed a new information-stealing Trojan, TroyStealer, in the wild. Its purpose is to gather login information such as usernames and passwords and to log keystrokes, which it then sends to another system via email. As with other Trojans of this type, the infection typically begins with an email claiming some sort of issue with a bank account, offering some intriguing information, or using another curiosity-based lure. The email carries an attachment which, when executed, performs the information-stealing activities. The malware injects itself into a process and begins collecting information: it accesses several INI files, deletes other types of files, and enumerates installed security products, the OS version, and registry keys. Finally, it validates that an Internet connection is present by contacting a speed test website. If a connection is available, the malware authenticates to an email server over SMTP and sends the harvested information.
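The connectivity check followed by an outbound SMTP session is a behaviour a defender can hunt for in egress logs. The following is an added example, not Rewterz's code, that correlates the two events over constructed log lines; the log format, host names, domains and five-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall/proxy log lines (not from the alert), one event per line:
# "<ISO timestamp> <src_host> <dst_host> <dst_port>"
SAMPLE_LOG = """\
2020-06-16T09:00:01 WS-042 www.speedtest.net 443
2020-06-16T09:00:04 WS-042 mail.example-smtp.test 587
2020-06-16T09:10:00 WS-017 www.speedtest.net 443
2020-06-16T11:30:00 WS-017 intranet.example.test 443
2020-06-16T09:20:00 MAILGW-01 mx.partner.test 25
"""

# Assumed: hosts that legitimately speak SMTP (the organisation's mail gateways).
MAIL_SERVERS = {"MAILGW-01"}
SPEEDTEST_DOMAINS = ("speedtest.net", "fast.com")  # assumed speed-test sites
SMTP_PORTS = {25, 465, 587}
WINDOW = timedelta(minutes=5)  # assumed maximum gap between check and exfil

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def parse(log_text):
    """Yield (timestamp, src, dst, port) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port = m.groups()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_suspects(log_text):
    """Return hosts that contacted a speed-test site and then opened an
    outbound SMTP connection within WINDOW, excluding known mail servers."""
    last_speedtest = {}
    suspects = defaultdict(list)
    for ts, src, dst, port in sorted(parse(log_text)):
        if dst.endswith(SPEEDTEST_DOMAINS):
            last_speedtest[src] = ts
        elif port in SMTP_PORTS and src not in MAIL_SERVERS:
            seen = last_speedtest.get(src)
            if seen is not None and ts - seen <= WINDOW:
                suspects[src].append((ts.isoformat(), dst, port))
    return dict(suspects)

if __name__ == "__main__":
    for host, events in find_suspects(SAMPLE_LOG).items():
        print(host, events)
```

Only WS-042 is flagged: WS-017 ran a speed test but never spoke SMTP, and MAILGW-01 is an expected SMTP source.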
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
- MD5: DAB6194F16CEFDB400E3FB6C11A76861
- SHA-1: C76A9FB1A2AE927BF9C950338BE5B391FED29CD7
- SHA-256: 7c3289cdc59a8cf32feac66069d09c48a930d4665f740968521adaf870172644
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.