Rewterz Threat Alert – A New SolarMarker Infostealer – Active IOCs

Severity

Medium

Analysis Summary

SolarMarker, known as Jupyter or Yellow Cockatoo, is a sophisticated infostealer malware that emerged in early 2021. It spreads through phishing emails containing malicious attachments or links, and once installed on a system, it collects sensitive information and transmits it to attackers. SolarMarker’s primary objective is to steal login credentials, personal data, and financial information from its victims.

The malware employs various techniques to achieve its goals, including keylogging, form grabbing, and screen capturing. By capturing keystrokes and monitoring web browsing activities, SolarMarker gains access to sensitive data users enter. It also utilizes obfuscation and anti-analysis techniques to evade detection by security tools.

One notable feature of SolarMarker is its ability to propagate within a network, potentially compromising multiple devices and entire infrastructures. This poses a significant threat to businesses and enterprises.

To protect against SolarMarker and similar threats, it is crucial to implement robust cybersecurity measures. These include keeping software and systems up to date, using strong and unique passwords, deploying reliable anti-malware solutions, and providing user education on phishing and online safety practices.

In its recent campaign, SolarMarker comes bundled with legitimate software named Autodesk and uses it as a decoy.

Impact

• Sensitive Information Theft
• Credential Theft

Indicators of Compromise

MD5

• 7e25fdb1932480e3e6ec31b22d08c19e
• 411c42df8bb6b851d363a8669318f5fd
• 2f2805cfd44b948f360d920ca98527ca

SHA-256

• fbef401c6a7ad24640f6b6583aa0d0fa02aa895c47ab08e68b0e6e312d1b42a5
• f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317
• e675ada65b850344af62cee3d42e6f526b3f8acfb711d1144692aa7c95b1c367

SHA-1

• 0dfca2e6c1c89b1e85fdbb9da31a93964db7b826
• d8bc9470f380d7cc5863810ed834e0831f296661
• 5c7fcd2c1437e05f5c15529ef49d29a80d739ba3

Remediation

• Block all threat indicators at your respective controls.
• Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls.
• Enable two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
• Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
• Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
• Make sure all of your software, including your operating system and applications, is up-to-date with the latest security patches. This can help prevent vulnerabilities that could be exploited by SolarMarker Stealer and other types of malware.