Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Medium
A new campaign dubbed “Kassino” spreading Agent Tesla malware, a known information stealing Trojan. Agent Tesla monitors and collects the victim’s keyboard inputs, system clipboard, screen shots of the victim’s screen, as well as collects credentials of a variety of installed software. Initial infection starts with a spear phishing email:
Attached to this email is a zip file named “Averda7803.zip” and contains an executable file “jack.exe” which is the final stage malware. Once directly executed on the machine, the malware installs persistence mechanisms by executing VBS scripts via the RunOnce registry key. It then implements hooks into all the major browsers for the purpose of credential harvesting and stealing. One unique aspect of the malware is that it uses SMTP for command and control and exfiltration of data.
Filename
Malware Hash (MD5/SHA1/SH256)