Rewterz Threat Alert – New Molerats Malware Targets Governments in the Middle East – Active IOCs

June 21, 2021

Severity

Medium

Analysis Summary

A malware called LastConn distributed by TA402, a threat actor also known as Molerats. The malware targeted government institutions in the Middle East and global government organizations associated with geopolitics in the region. TA402 is a Middle Eastern advanced persistent threat (APT) group that often targets entities in Israel and Palestine, in addition to other regions in the Middle East. In campaigns identified throughout 2021, TA402 leveraged Middle Eastern geopolitical themes including the ongoing conflict in the Gaza Strip. The custom malware implant identified by Proofpoint enables the threat actor to conduct reconnaissance on the target host and exfiltrate data. TA402 leveraged multiple mechanisms to avoid automated threat analysis including geofencing based on IP addresses, only targeting computers with Arabic language packs installed, and password-protected archive files to distribute malware.

Impact

Credential Theft
Data Exfiltration

Indicators of Compromise

MD5

a03f516285d496d7f15c2e992846d109
d07654434d64b73fe8cb49cfb9b7e3fb
80ece9b10c07fef60a7bdffa292da7de
d07654434d64b73fe8cb49cfb9b7e3fb
674bbb246435921097548e2c4b519354
80ece9b10c07fef60a7bdffa292da7de
a03f516285d496d7f15c2e992846d109

SHA-256

6d65804ca8f71e21b18de08176a53d8f203bc23629dd822ef3c0da217f95f119
f55e2050733576fa16452e2589a187f4bf202ca3b54b1497ba2c006e8d3bdd45
1cf18ce4becf2244fb715aa52eb4d56b569a95f2a1e7a835d217a20a2757a2d8
f55e2050733576fa16452e2589a187f4bf202ca3b54b1497ba2c006e8d3bdd45
0db46fea5a0be8624069f978f115e4270833df29ed776c712182327a758fd639
0f36088ed9f5ffd4b42d35789113e99d8839edc52e554dbee0969bcad0200cfb
1cf18ce4becf2244fb715aa52eb4d56b569a95f2a1e7a835d217a20a2757a2d8
6d65804ca8f71e21b18de08176a53d8f203bc23629dd822ef3c0da217f95f119
cd60488acc0cc596c0de63eb0a7bca4ada4748fc4e76a86ca0fab42f15050347

SHA-1

58f97a1534d83bb1b51cd1e39252a0be809cbcf4
8fc864f028b59a3c4a34b013c119d79c5d72e24f
c61e29aeb04bd6e4eb44b12bda49f5da9731d6e0
8fc864f028b59a3c4a34b013c119d79c5d72e24f
6c5a12188e6befa0cf52ed3c14b695f821fd24ce
c61e29aeb04bd6e4eb44b12bda49f5da9731d6e0
58f97a1534d83bb1b51cd1e39252a0be809cbcf4

Remediation

Block all threat indicators at your respective controls
Search for IOCs in your environment

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

iOS Activation Bug Allows Unauthenticated XML Injection

Critical Threat: Gunra Ransomware Targets Critical Sectors Worldwide – Active IOCs

Lyrix Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2021- 21552 – Dell Wyse Windows Embedded System Security Update for an Improper Authorization Vulnerability

Rewterz Threat Alert – DarkSide Ransomware Targets Energy and Food Sectors – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.