
Rewterz Threat Alert – Try2Cry Ransomware – IOCs

July 18, 2020

Severity

High

Analysis Summary

Try2Cry is a new ransomware family that appears to be a variant of the Stupid ransomware family. Several samples were analyzed; they differ mainly in their level of obfuscation, their use of DNGuard, and whether they carry a worm component. The ransomware encrypts various user documents with Rijndael using a hardcoded password. It behaves like most ransomware families: it iterates over files, encrypts them, and leaves a ransom note on the system once it finishes. The more noteworthy feature of some samples is the worm component. During execution it looks for removable devices on the system. If any are found, it drops a hidden copy of itself onto the drive, hides all existing files on the device, and replaces them with Windows shortcut (.lnk) files that carry the same icon but point to the ransomware executable instead. Visible copies of itself with Arabic file names are also placed on the drive to trick the user into opening them. The researchers note that the decryptor available for the Stupid ransomware family also works on Try2Cry samples.

Impact

File encryption

Indicators of Compromise

SHA-256

  • f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f
  • 3786ad08d8dacfa84a0c57b48dfa8921435f5579235d17edc00160e7a86ae1c5
  • 590885b5afc3aa1d34720bb758fb2868bb0870557db2110e61397a5364c7f8b3
  • 2c5f392767feced770b37fce6b66c1863daab36a716b07f25c5bef0eeafc0b26
  • 3b65dbd9b05019aae658c21f7fcb18dd29eea1555cc26c3fa12b9aa74ea55b88
  • 8594533a7544fa477e5711d237ccac7f4a62c2c847465ccea3cfdb414a00a397
  • cefb7262229b0053daf3208f7adc7d4fb4edaf08944a9b65d7eb1efaa3128296
  • dd036085f8220d13c60f879ff48ccf6c7d60893217fc988ae64d2ee6a4eb3241
  • fb621d2c94b980d87a8aa3239ebeda857a2fcb29f5aac08facacdc879f9ce784
  • fd24367e7a71bce4435fb808f483e0466df60e851fd05eed9c2fd838404e7a9d

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
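The following script is an added example for the two remediation steps above; it is not part of the advisory and not Rewterz tooling. It sweeps a directory tree for files whose SHA-256 is in the advisory's IOC list, and it flags the removable-drive decoy pattern described in the analysis: a `.lnk` shortcut sitting next to a file of the same name. The "same name plus `.lnk`" layout and the hidden-attribute check are assumptions about how the shortcuts appear on the drive, and the fixture built by `build_demo_tree()` is constructed (a benign dummy file and a stub shortcut) so the example runs offline.

```python
"""Hunt for Try2Cry-style artifacts: known SHA-256 IOCs and the removable-drive
decoy pattern (a .lnk shortcut placed next to a now-hidden file of the same name).
Added example; not the advisory's or the vendor's own code."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# SHA-256 indicators taken from the advisory above.
TRY2CRY_SHA256 = frozenset({
    "f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f",
    "3786ad08d8dacfa84a0c57b48dfa8921435f5579235d17edc00160e7a86ae1c5",
    "590885b5afc3aa1d34720bb758fb2868bb0870557db2110e61397a5364c7f8b3",
    "2c5f392767feced770b37fce6b66c1863daab36a716b07f25c5bef0eeafc0b26",
    "3b65dbd9b05019aae658c21f7fcb18dd29eea1555cc26c3fa12b9aa74ea55b88",
    "8594533a7544fa477e5711d237ccac7f4a62c2c847465ccea3cfdb414a00a397",
    "cefb7262229b0053daf3208f7adc7d4fb4edaf08944a9b65d7eb1efaa3128296",
    "dd036085f8220d13c60f879ff48ccf6c7d60893217fc988ae64d2ee6a4eb3241",
    "fb621d2c94b980d87a8aa3239ebeda857a2fcb29f5aac08facacdc879f9ce784",
    "fd24367e7a71bce4435fb808f483e0466df60e851fd05eed9c2fd838404e7a9d",
})


def sha256_of(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_ioc_matches(root, ioc_hashes=TRY2CRY_SHA256):
    """Walk `root` and return [(path, sha256)] for every file whose hash is an IOC."""
    matches = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            if digest in ioc_hashes:
                matches.append((path, digest))
    return matches


def is_hidden(path):
    """True if the file carries the Windows HIDDEN attribute (or a dot-prefix elsewhere)."""
    st = os.stat(path)
    win_attrs = getattr(st, "st_file_attributes", 0)  # only populated on Windows
    return bool(win_attrs & stat.FILE_ATTRIBUTE_HIDDEN) or os.path.basename(path).startswith(".")


def find_shortcut_decoys(root):
    """Return [(lnk_path, shadowed_path, shadowed_is_hidden)] for every .lnk that sits
    beside a file of the same name minus the .lnk suffix (assumed worm layout)."""
    decoys = []
    for dirpath, _dirs, filenames in os.walk(root):
        present = set(filenames)
        for name in filenames:
            if not name.lower().endswith(".lnk"):
                continue
            shadowed = name[:-4]
            if shadowed in present:
                shadowed_path = os.path.join(dirpath, shadowed)
                decoys.append((os.path.join(dirpath, name), shadowed_path, is_hidden(shadowed_path)))
    return decoys


def build_demo_tree():
    """Constructed fixture: a benign dummy 'dropper' plus one decoy pair.
    Returns (root, ioc_set); ioc_set holds the dummy's hash so the sweep has a hit offline."""
    root = tempfile.mkdtemp(prefix="try2cry_hunt_")
    usb = Path(root) / "usb"
    usb.mkdir()
    dummy = usb / "update.exe"
    dummy.write_bytes(b"constructed dummy file, not malware\n")
    (usb / "Invoice.pdf").write_bytes(b"%PDF-1.4 constructed placeholder\n")
    (usb / "Invoice.pdf.lnk").write_bytes(b"L\x00\x00\x00 constructed shortcut stub")
    (usb / "notes.txt").write_bytes(b"unrelated file\n")
    return root, frozenset({sha256_of(dummy)})


def demo():
    """Run both checks over the fixture and summarise the findings."""
    root, iocs = build_demo_tree()
    decoys = find_shortcut_decoys(root)
    return {
        "ioc_matches": len(find_ioc_matches(root, iocs)),
        "decoys": len(decoys),
        "decoy_targets": sorted(os.path.basename(t) for _, t, _ in decoys),
    }


if __name__ == "__main__":
    print(demo())
```

Run it against a mounted removable drive root (or a mirrored copy of one) with `find_ioc_matches(drive_root)` and `find_shortcut_decoys(drive_root)`; a hash hit is high-confidence, while a decoy pair is a heuristic that should be confirmed by inspecting where the shortcut points.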
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.