Rewterz Threat Alert – TroyStealer Malware

Severity

Medium

Analysis Summary

A Trojan designed to steal information from a system has been observed in the wild by researchers. TroyStealer is the latest in info stealing malware. Its purpose is to gather login information such as usernames, passwords, and logging keystrokes. The Trojan then sends this information back to another system via email. As with other types of Trojans, the infiltration typically begins with an email stating some sort of issue with a bank account, some kind of intriguing information, or other curiosity-based lure. The email would contain an attachment which, when executed, would perform the information stealing activities. The malware will inject itself into a process and begin collecting information. The Trojan accesses several INI files, deletes other types of files, and gathers security products, OS version, and registry keys. Finally, using a speed test website, the malware validates there is an Internet connection. If the connection is present, the malware (using SMTP) authenticates with an email server where it sends the harvested information.

Impact

• Information theft
• Exposure of sensitive data

Indicators of Compromise

MD5

DAB6194F16CEFDB400E3FB6C11A76861

SHA-256

7c3289cdc59a8cf32feac66069d09c48a930d4665f740968521adaf870172644

SHA1

C76A9FB1A2AE927BF9C950338BE5B391FED29CD7

Remediation

• Block all threat indicators at your respective controls.
• Always be suspicious about emails sent by unknown senders.
• Never click on the links/attachments sent by unknown senders.