CoreWarrior Spreader Malware Surge

SUMMARY :

This report delves into an analysis of CoreWarrior, a persistent trojan designed for rapid propagation. It creates multiple copies of itself, attempts connections to various IP addresses, opens backdoor access, and hooks Windows UI elements for monitoring purposes. The malware employs techniques like anti-debugging, evasion through randomized sleep timers, and virtual environment detection. It also references protocols like FTP, SMTP, and POP3 for potential data exfiltration. The report provides indicators of compromise, including hashes, and highlights SonicWall's proactive security measures to safeguard against this threat.

OPENCTI LABELS :

backdoor,trojan,propagation,evasion,anti-analysis,corewarrior


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


CoreWarrior Spreader Malware Surge