Rewterz Threat Alert – Point-of-Sale Breach – Indicators of Compromise

Severity

Medium

Analysis Summary

A malware sample from the recent compromise of a North American hospitality merchant was analyzed and identified as a variant of the Alina Point-of-Sale (POS) malware family. Alina dates back to at least 2013 and is one of many malware strains that carries a Random Access Memory (RAM) scraper, a component designed specifically to steal payment account information from the memory (RAM) of the targeted system, where card data is briefly held in clear text during transaction processing.
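As an added illustration (not code from the Rewterz alert or from the Alina sample) of what a RAM scraper harvests and how a responder can scope exposure from a memory capture: the scanner below matches the Track 2 layout in a raw buffer, keeps only records whose PAN passes the Luhn check and whose expiry month is plausible, and reports masked values. SAMPLE_DUMP is a constructed buffer; the PAN in it is the standard 4111... test number, and all function names are assumptions for this example.

```python
import re

# Track 2 layout on a magnetic stripe: PAN (13-19 digits), '=' separator,
# expiry as YYMM, 3-digit service code, then discretionary data up to '?'.
TRACK2_RE = re.compile(rb"(?<![0-9])([0-9]{13,19})=([0-9]{2})([0-9]{2})[0-9]{3}[0-9]*")


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits (the usual PCI DSS display rule)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track2(buf: bytes) -> list:
    """Find Luhn-valid Track 2 records in a memory buffer; report masked data only."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        yy, mm = m.group(2).decode("ascii"), m.group(3).decode("ascii")
        if not luhn_valid(pan) or not 1 <= int(mm) <= 12:
            continue  # digit noise that merely resembles a card record
        hits.append({"offset": m.start(), "pan": mask_pan(pan), "expiry": f"{mm}/{yy}"})
    return hits


# Constructed sample "process memory": one real-looking Track 2 record (Luhn-valid
# test PAN), one decoy that fails Luhn, and unrelated digit runs as noise.
SAMPLE_DUMP = (
    b"\x00\x00GET /pos/auth HTTP/1.1\r\n"
    b";4111111111111111=2512101123456789?\x00\x00"
    b"\x00random 1234567890123456=2512101000000000? text\x00"
    b"\x00\x00date 20190628 amount 1999\x00"
)

if __name__ == "__main__":
    for h in scan_for_track2(SAMPLE_DUMP):
        print(f"offset {h['offset']:#x}: PAN {h['pan']} exp {h['expiry']}")
```

Run against a process dump of the POS software (or a full memory image) to count how many distinct card records were resident, which is the exposure figure an incident report needs.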

Impact

Exposure of sensitive information

Indicators of Compromise

Malware Hashes (MD5 / SHA1 / SHA256, listed per sample)


Remediation

Block all threat indicators at your respective controls.