CoreWarrior Spreader Malware Surge
Oct. 15, 2024, 11:45 a.m.
Description
This report analyzes CoreWarrior, a persistent trojan designed for rapid propagation. It creates multiple copies of itself, attempts connections to various IP addresses, opens backdoor access, and hooks Windows UI elements for monitoring. The malware uses anti-debugging, evasion through randomized sleep timers, and virtual environment detection. It also references protocols such as FTP, SMTP, and POP3 for potential data exfiltration. The report provides indicators of compromise, including hashes, and highlights SonicWall's proactive security measures to safeguard against this threat.
Date
Published: Oct. 15, 2024, 11:26 a.m.
Created: Oct. 15, 2024, 11:26 a.m.
Modified: Oct. 15, 2024, 11:45 a.m.
Indicators
8c97329cf7e48bb1464ac5132b6a02488b5f0358752b71e3135d9d0e4501b48d
85a6e921e4d5107d13c1eb8647b130a1d54ba2b6409118be7945fd71c6c8235f
http://wecan.hasthe.technology/upload
Attack Patterns
CoreWarrior
T1207
T1024
T1035
T1089
T1583
T1012
T1014
T1057
T1105
T1204
T1033
T1027
T1112
T1090
T1059