BlackMoon Banking Trojan aka KrBanker – Active IOCs
May 8, 2025
Severity
High
Analysis Summary
WSHRAT, short for "Windows Script Host Remote Administration Tool," is malware that gives an attacker remote access to and control over a victim's computer through malicious scripts, typically written in JavaScript or VBScript and executed by the Windows Script Host. It is commonly distributed through phishing emails, social engineering, or exploit kits hosted on compromised websites. Once a machine is infected, threat actors can use WSHRAT to steal sensitive information, install additional malware, or enlist the machine in a botnet for other malicious activity. To protect against WSHRAT, keep systems updated with the latest security patches, run anti-virus software, and treat links and attachments from unknown sources with caution.
Impact
- Unauthorized Access
- Remote Command Execution
- Sensitive Information Theft
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) in your environment using your respective security controls.
- Enable antivirus and anti-malware software and update signature definitions promptly. Multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade all platforms and software in a timely manner, and make this part of standard security policy.
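The "search for IOCs" step, as an added example that is not part of the original advisory: a small sweep that hashes every file under a directory once (MD5, SHA-1 and SHA-256 in a single chunked read, matching the three hash types this advisory lists) and reports which indicator matched. The IOC values in the block are labelled placeholders, not the advisory's own values.

```python
import hashlib
from pathlib import Path

# Constructed placeholder IOC set, one set per algorithm; populate it with the
# advisory's actual hash values before running a real sweep.
IOCS = {
    "md5": {"PLACEHOLDER_MD5_FROM_ADVISORY"},
    "sha1": {"PLACEHOLDER_SHA1_FROM_ADVISORY"},
    "sha256": {"PLACEHOLDER_SHA256_FROM_ADVISORY"},
}


def digests(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in one chunked pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(root, iocs=IOCS):
    """Walk `root` and return (path, algorithm, digest) for every IOC hit.

    Hash comparison is case-insensitive, since advisories publish hashes in
    mixed case; unreadable files are skipped rather than aborting the sweep.
    """
    wanted = {algo: {v.lower() for v in values} for algo, values in iocs.items()}
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            found = digests(path)
        except OSError:
            continue
        for algo, value in found.items():
            if value in wanted.get(algo, ()):
                hits.append((str(path), algo, value))
    return hits
```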