April 25, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Cryptocurrency Miner Delivered via Hawkeye Keylogger
December 13, 2019Rewterz Threat Advisory – CVE-2019-14568 – Intel Privilege Escalation Flaw in Rapid Storage Technology
December 18, 2019Rewterz Threat Alert – Cryptocurrency Miner Delivered via Hawkeye Keylogger
December 13, 2019Rewterz Threat Advisory – CVE-2019-14568 – Intel Privilege Escalation Flaw in Rapid Storage Technology
December 18, 2019
Severity
Medium
Analysis Summary
A new Monero cryptominer has been discovered by Deep Instinct during an incident targeting an Asia-based aviation organization. This miner is persistent, file-less, and leverages the Tor infrastructure. The infection chain begins with a PowerShell command that creates a scheduled task set to run another encoded PowerShell command at system startup. This 2nd encoded PowerShell command, when decoded, reveals the use of a reflective-PE loader that retrieves malicious content stored in the registry and injects it into its own process as run-time compiled C# code.
Impact
- Crypto-Mining malware
- Sharp spike in CPU usage
Indicators of Compromise
MD5
- 3866532d537df4795d88f97c38c1c25a
- 4a7d5d67ce8e6a890f4a272be3f782bd
- a381ba89d294f120dd76a684bda24276
URL
http[:]//165[.]22[.]50[.]215/functionupdate[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.