
Rewterz Threat Alert – Valak Malware

June 26, 2020

Severity

Medium

Analysis Summary

Valak is a sophisticated malware family that was previously classified only as a loader for other malware. Although it was first observed in late 2019, researchers have tracked a rapid series of changes, with more than 30 distinct versions appearing in under six months. That research shows Valak is more than a loader: it can also operate independently as an information stealer targeting both individuals and enterprises. More recent versions target Microsoft Exchange servers to steal enterprise mail data and passwords along with the enterprise certificate. This gives the operators a route to critical enterprise accounts, causing damage to the organization, brand degradation and ultimately a loss of consumer trust.

Impact

  • Credential theft
  • Information theft
  • Exposure of sensitive data

Indicators of Compromise

MD5

  • 85c8e02d944c693dc8395e9b726fe380
  • b2558caa32fa209d99afac52d2930ca2
  • 8170b1d3bb3364c0c92de81d9345c7c6
  • 21e1a393f9ba44049c307b357875afde
  • 7b31397bd5a2880823ca5272249eb4fe
  • 4706cb0d87c35fa805f28091e529d682
  • e7b579ba890af51b66d659e588db776b
  • 099d36c2071d381ad775ac6ecf6fb0b9
  • cee71ff0a2adf356b6ede758b1591f7b
  • af4fd920e097695781424662e7c120a3
  • 5498b94db695ad6656dfa02c3a4c4317
  • 95d0edc1349faa8ecd1a26980072b46d
  • f421d7ca0d6d4c6737af88868173e705
  • d78232c9862f86712d41237c20f5ab80
  • ff432ec7c351fb14af67d44eb4483c84
  • 0c1ceab2d27259405602f7d2c22ecafe
  • c0ef686b11f5422620db63927444580d
  • 113b4a7fd32dea42f8efc6282110cd73
  • 6db614240e162a0c72174b5a48693c93
  • 30bd8f82026c68425df6b9d034611720
  • cf41b835fb331b3ccd70a2fcb97427e8
  • a2145dee7e0be6a56c9a4023f0174711
  • e25e1cae62f221294651984e6615f7eb
  • 34356355a617f271fbb8301cfbe86367
  • 34256f3930f4b9d4a23abda8d46b32f7
  • 0dcee360983fa2e073e9f07e06b6d695
  • 4ff917822f2156c046a96ac78381e216
  • 656668547b65c909c50225f25b726056
  • 94a028c3032c634f5100201e02361f3e
  • 70cb1f07a676f287792d78cfcfdb2aa3

SHA-256

  • f3dc311a18bd3c048677bf5939156efd3180496e518f0160f26cc4d48cc66655
  • be7c1fe502940405a9647aaedb888eccae68fb13bbd8f158a920b1555bf8ba1e
  • fcd622c65e374f7d7212770a65f4474fa2a683bae869116ef52cc2a2566303d5
  • 15bcff3285cb41339b5de38526aa37a06627b05c340cea5c52cdd94e088993a7
  • c5d8a8a77399958936cef96f3c8c9d0d6c2ae89437e6d6471dfa36893180d689
  • c7bc266367b277f1e9e4510a23a38fbf0bdf7a851b026a340eba3ad8c8e8a1c9
  • 9b52277574e9b452d2bd77d3f1d6cc3084ec523057eb19ab26d34bf349e6d6b0
  • 6c0e63de41e14f74191fbbea4a001af4b3ad744f6138848be92e2177517ef887
  • 602bcef0404f128c0f8ee68d644a37bb4430ba8d70939dcea814dd8cf22a97a7
  • c065f5e4493fd5493a012f0e05ba2aa3914745e97c2ed91fbfc3d5106bc4782b
  • 6466ca90f8e03192bfb602d5db96804a1d1ea8cdfef1b74d02e1159a63077acc
  • bd58160966981dd4b04af8530e3320edbddfc2b83a82b47a76f347d0fb4ca93a
  • afc8fd02926a7dee0d71c8735b7f9cb5074ff7c3c4e2fa8c0cb5508b1e8170dd
  • 96e29e78b5f8e9bd5a152bad67dc4637babf1bab73c45226b831473e9b75cf57
  • 9a11e6ae98e4e26dcc240ec3ff0cc34d99e6d3414bd4caf340fb09649e94e4bd
  • 8b721d87f4dec06597cc0ecb09ce47f10ddcf294e8b4b23bdf74246bce327e94
  • 09448d9ba61f5c4d8ee1698cdadf398cbf97000a239c43c95972693b1a9311c8
  • deb0b28e72150db07cc9c2f5efc8f26a3be022c81c7544317a5717566a4c0302
  • 5624e6cb352c82b2c032a1018cea979f01f0cac2e552fe4d7016ced32f1cb581
  • 112f8cefb5aedfb0c92e7c947214b8bd4c30be5879d5f3263a7d6eeb07004d09
  • 4468edc18de42e61b64441c75aedcb15d553410d473e77fc8ae31b358acd506a
  • eb14e6ed547411a4930034be80453841e9b474225ec3a32ddc32c01263781c67
  • 5397b18ce5cf38f66bfd782c8d6ef331d90597fe0fe841c60f437acfd171d61f
  • 363b7bfb0f4a329b67cff96d1a1d888f99da44cae2d6f7b24e8b45a76b39a5f2
  • 1c3d130fd8473aea8b9286732db6ff2d3762ca1a70312bfbc9a4528d86b3b093
  • 4f3ffaef0cf5a9a799d7026a547e2c9a777946709112dcbb2a0b588228016439

SHA1

  • daaeaba45589187696bbc1aec7df7844e451cdcd
  • 9a42f69a4a7d157b975ea8093d0eb397392608f4
  • ec705dd7835614d21202c316ae25c2c95088af07
  • ec257f1a01f20560a4e869027382058b4a087615
  • e43490cb1f8dcac038b8814ff5c4ece8028ecb85
  • 5f8c22c7041e5279785f66fdba8d1b0b414d917e
  • bf480aa047342f106693ed696dc3162f0776db0e
  • 505b96b31b19a1d85276d3a71e1d6398abe3bea5
  • e22b404e1fec743f0795cdea8a95337660878860
  • e397cdcaf65b54c89d92e0ef49d40f22c8ed5526
  • 9441495ead24cdf62536075bb212a5cf88af5d91
  • 3f37ceaf50af6a1afa62de9522e2e998ca9f6a66
  • a9d57c0a838559156387b7f0b3af6ecabdf07e67
  • 4e6953fe1580d4d178d053fc906f441d5c72f2fc
  • 3a25af6c4214f70aa71b1253db048333b05f140f
  • 865e19a4dd150b0a8b60f4dbb49173fe48d11980
  • fcac8890f45140398f9595106477ba105fdeee0b
  • b51f8d9870886d6fd331c19d28160196e76b8e4a
  • 30fd553dedfadc81522adf37e11dfc4039d4ea31
  • bd9c4f7631beb455525bf7dfb3b64c5cfd47f0c2
  • 03810cd2c5cd29898f20cf33d8084926b685c879
  • 1d19d630e0c311e6a102e3b34cccec6360553497
  • b729bdd3a0fecb5ddc4eb0fea5ab32c08a29bee5
  • 1d8de1bd76fc66fa8f367e4904aee92cb576deb4

Remediation

  • Block all threat indicators at your respective controls.
  • Treat emails from unknown senders with suspicion.
  • Never click links or open attachments sent by unknown senders.
  • Search for the IOCs listed above in your existing environment.
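The following is an added example of the last remediation step, not code from Rewterz or from the advisory: it loads hash indicators in the "one hex digest per line" shape used above (bullets and blank lines tolerated), identifies the algorithm from the digest length, hashes every file under a directory with MD5, SHA1 and SHA-256 in a single read pass, and reports matches. The three digests in IOC_TEXT are taken from the lists above; the directory contents in demo() are constructed, and the sample file's own SHA-256 is planted into the IOC set so that the sweep produces a hit offline.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# A subset of the hashes listed in the Indicators of Compromise section above.
# Any hash list in the same one-digest-per-line shape can be loaded with load_iocs().
IOC_TEXT = """
• 85c8e02d944c693dc8395e9b726fe380
• f3dc311a18bd3c048677bf5939156efd3180496e518f0160f26cc4d48cc66655
• daaeaba45589187696bbc1aec7df7844e451cdcd
"""

# Digest length in hex characters identifies the algorithm; anything else is ignored.
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-f]+$")


def load_iocs(text):
    """Return {algo: set(lowercase hex digests)} parsed from free-form advisory text."""
    iocs = {"md5": set(), "sha1": set(), "sha256": set()}
    for raw in text.splitlines():
        token = raw.strip().lstrip("•-* ").strip().lower()
        algo = _ALGO_BY_LEN.get(len(token))
        if algo and _HEX.match(token):
            iocs[algo].add(token)
    return iocs


def hash_file(path, chunk=1 << 20):
    """Compute md5, sha1 and sha256 of one file in a single read pass (large files are streamed)."""
    hashers = {a: hashlib.new(a) for a in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def scan(root, iocs):
    """Walk root recursively; return [(path, algo, digest)] for every file matching an IOC."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                digests = hash_file(p)
            except OSError:
                continue  # unreadable or locked file: skip it rather than abort the sweep
            for algo, digest in digests.items():
                if digest in iocs[algo]:
                    hits.append((str(p), algo, digest))
    return hits


def demo():
    """Constructed demo: a temp directory with one benign file and one file planted as an IOC hit."""
    iocs = load_iocs(IOC_TEXT)
    with tempfile.TemporaryDirectory() as d:
        benign = Path(d) / "notes.txt"
        benign.write_bytes(b"constructed benign content\n")
        sample = Path(d) / "sub" / "invoice.doc"
        sample.parent.mkdir()
        sample.write_bytes(b"constructed sample standing in for a Valak dropper\n")
        # Planting the sample's own SHA-256 simulates a match; the real IOCs above do not match this content.
        iocs["sha256"].add(hashlib.sha256(sample.read_bytes()).hexdigest())
        hits = scan(d, iocs)
    return [(Path(p).name, algo) for p, algo, _ in hits]


if __name__ == "__main__":
    print(demo())  # [('invoice.doc', 'sha256')]
```

Because all three digests are computed in one pass, a file is matched whichever hash type the advisory lists for it; the per-file OSError handling matters on live hosts where locked or permission-restricted files would otherwise stop the sweep short.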
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.