Threat Report: Combating the Fireball Malware

When publications including InfoSecurity Magazine reported on Fireball, the latest global malware, we were concerned. Based on several reports, the Fireball malware has infected up to 20% of corporate networks and over 250 million devices. Several sources have also reported that it can be traced back to a digital marketing agency in China.

Our threat team tested the 8 samples listed on Check Point’s blog to produce this threat report.

BluVector successfully flagged eight hashes.

BluVector also provided three hashes that appear to be benign:

2579DF066D38A15BE8142954A2633E7F – This is a legitimate Microsoft Sysinternals utility. It is signed with a valid Microsoft digital signature. The signature has expired, but this is consistent with the file being released by Microsoft in September 2014.

5BCE955CF12AF3417F055DADC0212920 – This is the QQBrowser released by Tencent. It is also signed with a valid and current Tencent digital signature. QQBrowser can be considered a potentially unwanted application. In this case it is not malicious.

66E4D7C44D23ABF72069E745E6B617ED – Another legitimate Microsoft utility signed with a valid Microsoft digital signature. While the signature has expired, this is consistent with the file being released by Microsoft in 2016.

The good news for current BluVector customers is that their installed devices were already capable of detecting Fireball within their environments.

About Threat Report
BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats.