
Rewterz Threat Alert – Syrk Ransomware Targets Fortnite Users

August 23, 2019

Severity

Medium

Analysis Summary

A campaign has been observed spreading a new ransomware, dubbed “Syrk”, to victims via fake Fortnite hack tools. The malware masquerades as a cheat for Fortnite, promising an aimbot to improve aim accuracy and ESP to reveal the location of other players. The researchers hypothesize that the download was likely hosted on a sharing site and sent to victims via Fortnite forums. The analyzed sample appears to have been built from publicly available code: specifically, it is based on the source code of the Hidden-Cry ransomware, with a different file extension in use.

Upon execution, the ransomware disables Windows Defender and UAC, launches an executable that drops several PowerShell scripts used for the encryption, establishes persistence, and monitors process management tools. Additionally, it creates scheduled routines that begin deleting encrypted files every two hours if the ransom has not been paid. The ransomware also propagates via USB drives: it uses Lime USB to identify attached USB drives and copies the ransomware executable to any it finds. An additional application is dropped on the system that allows the victim to enter the decryption key. The researchers discovered that the decryption tool is embedded as a resource in the main malware and that the key is contained in both the PowerShell scripts and text files dropped on the system.

Impact

File encryption

Indicators of Compromise

Malware Hash (SHA256)

  • 077eee74b8f1227707b389a953234756d3bf8b78108a24f132bd5feb209dd8f6
  • 08baaf7c861748b227a93e41e28f99a258eb4ce149fa31b7ffe93bc23e385709
  • 31c3e1c03b15347bf8184854e65261a81ba12db0dcf3aeb5344ced6d8321ddf1
  • 36f88efe39d8cf16ae5ea6fb970f779ea4f80c2045a9a1b8da5657d495ddfe35
  • 4197a4146bbf406f21577569290a2772b22af80f4043f670240319fb807cf3d4
  • 54b62ed00e7cc8c39b09f53bec692dc7418c654f269f3392d95fba418cc8af20
  • 6b156d23e8e85af8635a101b2c1a8c227cfb01a4092a076f0d00ea82b6f6bb19
  • 794020d4ad5733907bf28e278644351965b38f155637203710550ae77f6c0e15
  • 8fef3e33ad10eace4c472942510ce66525daf0282a6bf8d42c9c66bb844ec6ce
  • a3368e8a66a87b01cab209816de2648dc36059cb4ae6e3cf41c9d2aff79f9e0c
  • c239d501439b776e93085925eb132ff164b1f3ba4fdc356a00045e8674dc1387
  • eda75fece8a02eb169b90a02322cd4ff2b1485ad5cdc0da7ddaa2c851a7a2614
  • fb8bac3a3d04aff294be9ede1d5742ebcab59c3bc14143e328e33cf71bb59b97

Remediation

  • Block threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on links or attachments sent by unknown senders.
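One way to act on the first remediation item and the hash list above is a file-hash sweep. The following Python script is an added example, not Rewterz tooling: the thirteen SHA-256 values are copied verbatim from the Indicators of Compromise section, while the scanner, its function names and the constructed demo files are assumptions made here. It normalises a pasted hash list, rejects anything that is not a SHA-256 digest, streams files through SHA-256 and reports every match under a directory tree.

```python
"""Check a directory tree against the SHA-256 indicators from this advisory.

Added example (not Rewterz tooling): the hash list is copied from the
Indicators of Compromise section above; everything else is assumed here.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Set, Tuple

# The thirteen SHA-256 digests published in the advisory above.
SYRK_SHA256 = """
077eee74b8f1227707b389a953234756d3bf8b78108a24f132bd5feb209dd8f6
08baaf7c861748b227a93e41e28f99a258eb4ce149fa31b7ffe93bc23e385709
31c3e1c03b15347bf8184854e65261a81ba12db0dcf3aeb5344ced6d8321ddf1
36f88efe39d8cf16ae5ea6fb970f779ea4f80c2045a9a1b8da5657d495ddfe35
4197a4146bbf406f21577569290a2772b22af80f4043f670240319fb807cf3d4
54b62ed00e7cc8c39b09f53bec692dc7418c654f269f3392d95fba418cc8af20
6b156d23e8e85af8635a101b2c1a8c227cfb01a4092a076f0d00ea82b6f6bb19
794020d4ad5733907bf28e278644351965b38f155637203710550ae77f6c0e15
8fef3e33ad10eace4c472942510ce66525daf0282a6bf8d42c9c66bb844ec6ce
a3368e8a66a87b01cab209816de2648dc36059cb4ae6e3cf41c9d2aff79f9e0c
c239d501439b776e93085925eb132ff164b1f3ba4fdc356a00045e8674dc1387
eda75fece8a02eb169b90a02322cd4ff2b1485ad5cdc0da7ddaa2c851a7a2614
fb8bac3a3d04aff294be9ede1d5742ebcab59c3bc14143e328e33cf71bb59b97
"""

_SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def load_iocs(text: str) -> Set[str]:
    """Parse one digest per line as pasted from an advisory.

    Bullets, surrounding whitespace and letter case are normalised; blank
    lines and '#' comments are skipped; anything that is not 64 hex
    characters raises, so a truncated or MD5/SHA-1 value cannot silently
    become an indicator that never matches.
    """
    iocs: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip().lstrip("•*- ").strip().lower()
        if not line or line.startswith("#"):
            continue
        if not _SHA256_HEX.match(line):
            raise ValueError(f"not a SHA-256 hex digest: {raw.strip()!r}")
        iocs.add(line)
    return iocs


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root: str, iocs: Set[str]) -> List[Tuple[str, str]]:
    """Return (path, digest) for every regular file under root whose digest is an IoC."""
    hits: List[Tuple[str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip sockets, fifos, dangling links
                continue
            try:
                digest = sha256_file(path)
            except OSError:  # unreadable file: log it in real use, skipped here
                continue
            if digest in iocs:
                hits.append((path, digest))
    return hits


def demo() -> Dict[str, object]:
    """Run the scanner over a constructed temp directory (no real samples).

    Scans once against the advisory list (expect no hits) and once against
    that list plus the digest of one constructed file, to show the hit shape.
    """
    iocs = load_iocs(SYRK_SHA256)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Downloads"))
        empty = os.path.join(root, "empty.txt")               # constructed, 0 bytes
        notes = os.path.join(root, "Downloads", "notes.txt")  # constructed content
        open(empty, "wb").close()
        with open(notes, "wb") as fh:
            fh.write(b"constructed benign file, not a malware sample\n")
        clean_hits = scan_tree(root, iocs)
        seeded = iocs | {sha256_file(notes)}
        seeded_hits = scan_tree(root, seeded)
        return {
            "ioc_count": len(iocs),
            "empty_digest": sha256_file(empty),
            "clean_hits": clean_hits,
            "seeded_hit_names": [os.path.basename(p) for p, _ in seeded_hits],
        }


if __name__ == "__main__":
    result = demo()
    print(f"{result['ioc_count']} indicators loaded")
    print("hits against advisory list:", result["clean_hits"])
    print("hits after seeding one constructed digest:", result["seeded_hit_names"])
```

Run it as `python syrk_ioc_scan.py` for the self-check, or call `scan_tree("/path/to/check", load_iocs(SYRK_SHA256))` from your own tooling. A one-off sweep like this only catches the exact samples listed; because the advisory notes that Syrk was built from public Hidden-Cry source, recompiled variants will carry different digests, so the hash list belongs in your EDR or SIEM as one detection among others rather than as the sole control.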
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.