Local Ottawa man's laptop compromised by a distributed coin miner.
This all started with a phone call from someone pretending to be his
local RRSP representative. After some social engineering, the attacker was able
to get the 70-year-old man to install the AnyDesk remote-access software and give the attacker
remote access to the laptop.
A quick look in the Downloads folder shows:
Based on the time stamps we can see that the attacker got in via a legitimate
version of AnyDesk. He then used locally saved banking information to create a
bitcoin account; we also see evidence of a bank transfer:
We later see the installation of a variety of tools that allowed
the threat actor to install coin-mining software.
IOCs (SHA-256 hashes, on VirusTotal):
https://www.virustotal.com/gui/file/825729b8f0ce7215119a4035f6d0267a05466fd939f598f848341f3631a0a631
https://www.virustotal.com/gui/file/92b979d18973399b806f50bd4651445d7578f60c7a8b18e4ee761cd06de795e6
Other files of interest:
https://www.virustotal.com/gui/file/930a03cb70737c49651fb96114fd3816aeb311d19cfadf312a35107924eca555
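To reproduce the two checks the write-up leans on, ordering the Downloads folder by time stamp and matching what is in it against the SHA-256 hashes above, here is an added Python example. It is not the author's tooling and nothing in it comes from the compromised laptop: the IOC hashes are copied from the VirusTotal links in this post, while the sample folder, file names (`AnyDesk.exe`, `miner-setup.zip`) and file contents are constructed placeholders for demonstration, so they do not hash to the real IOCs.

```python
"""Hash and timeline a Downloads folder against the SHA-256 IOCs above.

Added example for this post, not the author's tooling. The IOC hashes are
the ones from the VirusTotal links; the sample folder, file names and
contents in build_demo_folder() are constructed and are not artifacts
from the compromised laptop.
"""
import hashlib
import os
import tempfile
import time
from datetime import datetime, timezone

# SHA-256 IOCs taken from the VirusTotal URLs in this post.
IOC_SHA256 = {
    "825729b8f0ce7215119a4035f6d0267a05466fd939f598f848341f3631a0a631": "IOC",
    "92b979d18973399b806f50bd4651445d7578f60c7a8b18e4ee761cd06de795e6": "IOC",
    "930a03cb70737c49651fb96114fd3816aeb311d19cfadf312a35107924eca555": "file of interest",
}


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_downloads(folder, iocs=IOC_SHA256):
    """Return one record per regular file, oldest modification time first.

    Each record is (mtime_utc_iso, name, sha256, label_or_None).
    Sorting by mtime gives the rough order in which things landed on disk,
    which is what the post's timeline reasoning relies on. Caveat: some
    downloaders and archivers preserve the source's mtime, so confirm the
    order against ctime/birth time or browser history before trusting it.
    """
    records = []
    with os.scandir(folder) as it:
        for entry in it:
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            digest = sha256_file(entry.path)
            ts = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            records.append((ts.isoformat(timespec="seconds"), entry.name,
                            digest, iocs.get(digest)))
    records.sort()
    return records


def flagged(records):
    """Only the records whose hash matched an entry in the IOC set."""
    return [r for r in records if r[3] is not None]


def build_demo_folder():
    """Constructed sample Downloads folder: two placeholder files, staggered mtimes.

    Nothing here hashes to a real IOC; pass a real folder to scan_downloads()
    for an actual case.
    """
    d = tempfile.mkdtemp(prefix="downloads_demo_")
    now = time.time()
    for name, content, age_s in [("AnyDesk.exe", b"installer-placeholder", 3600),
                                 ("miner-setup.zip", b"archive-placeholder", 600)]:
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(content)
        os.utime(p, (now - age_s, now - age_s))  # back-date to fake a timeline
    return d


if __name__ == "__main__":
    demo = build_demo_folder()
    recs = scan_downloads(demo)
    for ts, name, digest, label in recs:
        print(f"{ts}  {name:<20} {digest[:16]}...  {label or '-'}")
    print(f"{len(flagged(recs))} IOC hit(s)")
```

Run it against the real Downloads folder (`scan_downloads(r"C:\Users\<user>\Downloads")`) and anything with a label is worth pulling for a closer look; files with no hit still belong in the timeline, since a legitimate AnyDesk installer, as in this case, will never match a malware IOC but marks when access began.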