Rewterz

Rewterz Threat Alert – Covid-19 Themed Emails Deliver New IcedID Banking Malware

Severity

High

Analysis Summary

Researchers have observed a new version of the IcedID banking Trojan as yet another payload that exploits the COVID-19 pandemic for distribution. The malware is delivered through several different TTPs. This campaign changes tactics by injecting into msiexec.exe to conceal itself and by using full steganography to download its modules and configuration, whereas previous versions of IcedID injected into svchost.exe and downloaded encrypted modules and configuration as “.dat” files. The campaign also plays on the pandemic by using keywords such as COVID-19 and FMLA in email sender names and attachment names. IcedID is banking malware that performs Man-in-the-Browser attacks to steal financial information.

Impact

  • Information theft
  • Exposure of sensitive data
  • Financial loss

Indicators of Compromise

Filename

COVID-19 Center

SHA-256

  • 822a8e3dfa14cd7aaac749dc0515c35cf20632717e191568ba5daf137db7ec17
  • 74d6e374d7958e70c6733b6c17e2f0d79b629e172aaf385c142c76678647f3b8
  • 436b0c94c1be2be6b328830568ef7f031b45bf6d2377fa9f4b1f872ffb39b369
  • 4ca8c054641c1f11c033cc20ebae77c4a41853e2fe693ecf4b93a9719b624c1e
  • afdb9b4c2e9a47a137a385e41a47727c0a04b2001aab60d6b3e099d0faf4ddef
  • e4f89d4ff1d26e0959c7147df641c6dae3e0d15729a5fd275857e98225b44245
  • 3ff97578adea9f45bccea091234c5ccee6a12b3c52e7e29195a45e3c191aa926
  • e15744eb13666670ad3cf256c31df57a01c40f355a0f8a592294187d4fedc257
  • 454ff6a5ebf01fc7d9c1ced5b081d582d11119ab9b49fc06ccaf22b1b0259c23
  • 54197c58c9693580c8ca961d8ff326cbad7688b23627114f7437c59fede46e82
  • f1bf5ef89f644b1558dd54e68148e60310d537ca45c2daae2b410c30540d7de6
  • e48e4e74dc7e67523878a2cf68b2ce72b5e5c999897e075d6b993e41c81f4174
  • ef2ab4bc4ee63dd1b9f04a56fe727a87f56ddd476bc1cd72c78f4d31abff322a
  • fd11736701395813459091b6d07878c52b448a4d9a5825517a0308fbfe6fa070
  • 9979063dae01bdfffd946ed012e69fabb82be3795323a52b06532b42b0f59609

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
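To make the indicators and lure characteristics in this alert actionable on the defender side, the following Python script is an added example (it is not part of the Rewterz alert). It hashes every file under a directory with SHA-256 and reports any match against the hashes listed above, and it flags email sender display names and attachment names that carry the COVID-19 / FMLA lure keywords named in the analysis summary. The sample file and the email metadata in `demo()` are constructed for the demonstration, and the keyword regex is an assumption about how those lure strings may be spelled in the wild.

```python
import hashlib
import os
import re
import tempfile

# SHA-256 indicators exactly as listed in the alert above.
IOC_SHA256 = {
    "822a8e3dfa14cd7aaac749dc0515c35cf20632717e191568ba5daf137db7ec17",
    "74d6e374d7958e70c6733b6c17e2f0d79b629e172aaf385c142c76678647f3b8",
    "436b0c94c1be2be6b328830568ef7f031b45bf6d2377fa9f4b1f872ffb39b369",
    "4ca8c054641c1f11c033cc20ebae77c4a41853e2fe693ecf4b93a9719b624c1e",
    "afdb9b4c2e9a47a137a385e41a47727c0a04b2001aab60d6b3e099d0faf4ddef",
    "e4f89d4ff1d26e0959c7147df641c6dae3e0d15729a5fd275857e98225b44245",
    "3ff97578adea9f45bccea091234c5ccee6a12b3c52e7e29195a45e3c191aa926",
    "e15744eb13666670ad3cf256c31df57a01c40f355a0f8a592294187d4fedc257",
    "454ff6a5ebf01fc7d9c1ced5b081d582d11119ab9b49fc06ccaf22b1b0259c23",
    "54197c58c9693580c8ca961d8ff326cbad7688b23627114f7437c59fede46e82",
    "f1bf5ef89f644b1558dd54e68148e60310d537ca45c2daae2b410c30540d7de6",
    "e48e4e74dc7e67523878a2cf68b2ce72b5e5c999897e075d6b993e41c81f4174",
    "ef2ab4bc4ee63dd1b9f04a56fe727a87f56ddd476bc1cd72c78f4d31abff322a",
    "fd11736701395813459091b6d07878c52b448a4d9a5825517a0308fbfe6fa070",
    "9979063dae01bdfffd946ed012e69fabb82be3795323a52b06532b42b0f59609",
}

# Lure keywords named in the alert. The spelling variants (COVID-19, Covid_19,
# covid19) are an assumption; the alert only names the two keywords.
LURE_PATTERN = re.compile(r"covid[\s_-]?19|\bfmla\b", re.IGNORECASE)


def sha256_of_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root, iocs=IOC_SHA256):
    """Return (path, sha256) for every file under root whose hash is in iocs."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                file_hash = sha256_of_file(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if file_hash in iocs:
                hits.append((path, file_hash))
    return hits


def flag_lure_email(sender_name, attachment_names):
    """Return (field, keyword) pairs for lure keywords found in the sender
    display name or in any attachment name."""
    matches = []
    for field in [sender_name, *attachment_names]:
        for match in LURE_PATTERN.finditer(field):
            matches.append((field, match.group(0)))
    return matches


def demo():
    """Run both checks on constructed input and return their results.

    The sample file's own hash is added to the IoC set so the match path
    is exercised without needing a real sample on disk."""
    workdir = tempfile.mkdtemp(prefix="icedid_ioc_demo_")
    sample_path = os.path.join(workdir, "COVID-19 Center.bin")  # constructed
    with open(sample_path, "wb") as handle:
        handle.write(b"constructed sample content, not malware")
    iocs = IOC_SHA256 | {sha256_of_file(sample_path)}
    file_hits = scan_directory(workdir, iocs=iocs)
    # Constructed email metadata modelled on the lure described in the alert.
    email_hits = flag_lure_email("COVID-19 Center", ["Covid_19 FMLA form.doc"])
    return file_hits, email_hits


if __name__ == "__main__":
    files, emails = demo()
    for path, file_hash in files:
        print(f"IOC hash match: {path} {file_hash}")
    for field, keyword in emails:
        print(f"lure keyword {keyword!r} in {field!r}")
```

Feeding `scan_directory` a mail spool or download directory gives a one-off sweep; for ongoing coverage the same hash set belongs in your EDR or mail gateway blocklist, which is what the first remediation item refers to.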