March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Lockscreen Ransomware Phishing Leads To Google Play Card Scam

July 27, 2020

Rewterz Threat Alert – List of Active Phishing Sites

July 27, 2020

Rewterz Threat Alert – WastedLocker Ransomware

July 27, 2020

Severity

High

Analysis Summary

WastedLocker is a relatively new ransomware family which has been tracked in the wild since April/May 2020. WastedLocker has an affinity for running with administrative privileges. If the payload is executed with non-administrative permissions, it will attempt to elevate privileges via UAC bypas (Mocking Trusted Directories). WastedLocker has an affinity for running with administrative privileges. Once elevated, the ransomware will write a copy of a random file from System32 to the %APPDATA% directory. The newly copied file will have a random and hidden filename. This process allows for the ransomware to copy itself into the file by way of an alternate data stream (ADS).

Impact

File encryption

Indicators of Compromise

MD5

6b20ef8fb494cc6e455220356de298d0
0ed2ca539a01cdb86c88a9a1604b2005
3208a14c9bad334e331febe00f1e9734
edbf07eaca4fff5f2d3f045567a9dc6f
bceb4f44d73f1a784e0af50e233eb1b4
ecb00e9a61f99a7d4c90723294986bbc
f67ea8e471e827e4b7b65b65647d1d46
2000de399f4c0ad50a26780700ed6cac
13e623cdfb75d99ea7e04c6157ca8ae6
572fea5f025df78f2d316216fbeee52e

SHA-256

aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
85f391ecd480711401f6da2f371156f995dd5cff7580f37791e79e62b91fd9eb
9056ec1ee8d1b0124110e9798700e473fb7c31bc0656d9fc83ed0ac241746064
7a45a4ae68992e5be784b4a6da7acd98dc28281fe238f22c1f7c1d85a90d144a
ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3
5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367
97a1e14988672f7381d54e70785994ed45c2efe3da37e07be251a627f25078a7
887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d
8897db876553f942b2eb4005f8475a232bafb82a50ca7761a621842e894a3d80
bcdac1a2b67e2b47f8129814dca3bcf7d55404757eb09f1c3103f57da3153ec8

SHA1

91b2bf44b1f9282c09f07f16631deaa3ad9d956d
70c0d6b0a8485df01ed893a7919009f099591083
763d356d30e81d1cd15f6bc6a31f96181edb0b8f
b99090009cf758fa7551b197990494768cd58687
9292fa66c917bfa47e8012d302a69bec48e9b98c
be59c867da75e2a66b8c2519e950254f817cd4ad
809fbd450e1a484a5af4ec05c345b2a7072723e7
e13f75f25f5830008a4830a75c8ccacb22cebe7b
4fed7eae00bfa21938e49f33b7c6794fd7d0750c
f25f0b369a355f30f5e11ac11a7f644bcfefd963
e62d3a4fe0da1b1b8e9bcff3148becd6d02bcb07

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Lockscreen Ransomware Phishing Leads To Google Play Card Scam

Rewterz Threat Alert – List of Active Phishing Sites