• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Maze Ransomware Targets State-owned oil Company of Algeria
April 6, 2020
Rewterz Threat Alert – Coronavirus-Themed Domain Hosts a Phishing Kit
April 7, 2020

Rewterz Threat Alert – Loncom Packer Multiple Payloads

April 7, 2020

Severity

High

Analysis Summary

A packer dubbed Loncom (Trojan-Dropper.NSIS.Loncom) which incorporates NSIS and Microsoft Crypto API (both legitimate software packages) disguise of an update for an expired security certificate to pack and encrypt APT ready malware. Once the shellcode is extracted on a victim’s system, it begins decrypting the payload from the archive and executes it. To do this, information from the NSIS script is used to decrypt the payload. Malware discovered packed by Loncom included Mokes, Buerak, DarkVNC (also known as REvil, a VNC backdoor), and Sodin (also known as Sodinokibi, ransomware).

loncom_packer_01.png

Impact

  • Exposure of sensitive data
  • Gain access of victim’s system

Indicators of Compromise

MD5

  • BB00BA9726F922E07CF243D3CCFC2B6E
  • EBE191BF77044961684DF51B88CA8D05
  • 4B4C98AC8F04680F7C529956CFE8519B
  • AEF8FBB5C64734093E78EB13E6FA7849

SHA-256

  • 64bc66f669abd4538e917fc60aa7ec95008dfb80a61c6864082fe022cd861c25
  • 8e08192cee6bfb065e9750e0457aaaf81849fac2adae1cb73147ead7949c56d2
  • 86f0a102ed4a4f82f843484cc045df5bea53118d25496086a68a7f791a3ab27b
  • 64bc66f669abd4538e917fc60aa7ec95008dfb80a61c6864082fe022cd861c25

SHA1

  • 22f26496f2e8829af9f5cfcd79c47e03fe9a21bb
  • 4aa25662e4e59877cb94cc1d18aafd304ca1ca2e
  • e6dccf4b1fc5ab116b6bc1321346b35dbf42f387
  • 22f26496f2e8829af9f5cfcd79c47e03fe9a21bb

Remediation

  • Block all threat indicators at your respective controls.
  • Check for IOC’s in your environment.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.