CoreWarrior Spreader Malware Surge


This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle

The malware is a UPX-packed executable that has been manually tampered with and will not unpack using the standard UPX unpacker.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • Catching “EC2 Grouper”- no indicators required!

    December 30, 2024

    Through the years of analyzing identity compromises in the cloud, Fortinet researchers have seen the same attackers pop up regularly, some more frequently than others. Among the more prolific ones they’ve come to know is one they’ve dubbed “EC2 Grouper”. Over the past couple of years, they’ve seen this actor in several dozen customer environments, ...

  • U.S. Treasury Department Says Systems Hacked by China-Backed Actor

    December 30, 2024

    The Treasury Department told lawmakers Monday that a state-sponsored actor in China hacked its systems, accessing several user workstations and certain unclassified documents. The treasury was informed on Dec. 8 by a third-party software service provider, BeyondTrust, that a threat actor used a stolen key to remotely access certain workstations and unclassified documents, according to a ...

  • Google Chrome extensions targeted by hackers to steal user passwords

    December 30, 2024

    Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords and session tokens. In a statement, the data loss prevention company noted the attack showed signs of being part of a “wider campaign” to target other companies, too. The attack started as many others do ...

  • Singapore OSV player Vallianz hit by cyber attack

    December 30, 2024

    Singapore OSV owner and operator Vallianz has been hit by a cyberattack that has allowed an unknown party unauthorised access to the company’s servers. Upon discovering the ransomware incident, the firm – and its parent company Rawabi Holding Company Limited – took immediate action to identify, contain, and address the incident with the help of external ...

  • Cyber attack on Italy’s Foreign Ministry, airports claimed by pro-Russian hacker group

    December 28, 2024

    Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan’s two airports, putting them out of action temporarily, the country’s cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy’s “Russophobes get a well deserved cyber response”. Read more… Source: MSN News Sign ...

  • Record-breaking ransoms and breaches: A timeline of ransomware in 2024

    December 27, 2024

    It was another record-breaking year for ransomware. When file-locking malware wasn’t causing widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting hundreds of millions of people, in some cases for life. While governments have struck some rare wins against ransomware hackers over the past 12 months, ...