PureHVNC Deployed via Python Multistage Loader

FortiGuard Labs uncovered a campaign that chains several obfuscation and evasion techniques to deliver and run a family of malware, including VenomRAT, XWorm, AsyncRAT, and PureHVNC, through a Python multistage loader. The intrusion starts with a phishing email carrying a malicious attachment, which kicks off the rest of the infection chain. Every payload is packed or obfuscated with tools such as Kramer, donut, and laZzzy to hide its presence from static inspection. The analysis concentrates on PureHVNC, which collects victim information, targets cryptocurrency wallets, password managers, and two-factor authenticator extensions, and can load additional plugins for remote desktop control and command execution.

Author: AlienVault

Related Tags (MITRE ATT&CK technique IDs, with their technique names):
T1547.003 (Boot or Logon Autostart Execution: Time Providers)
T1055.002 (Process Injection: Portable Executable Injection)
T1559.001 (Inter-Process Communication: Component Object Model)
T1566.001 (Phishing: Spearphishing Attachment)
T1053.005 (Scheduled Task/Job: Scheduled Task)
T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder)
T1059.001 (Command and Scripting Interpreter: PowerShell)
T1021.001 (Remote Services: Remote Desktop Protocol)
AsyncRAT

Associated Indicators (SHA-256 file hashes):
71B797032458AAB9B4A1A203E7CA413F009AF1961CFFB98590E34F672574599A
7C4E613CF4DB19F54030097687227809F965A951A26A44A882692ECE6E642E3C
16A4DE0540181BAB7C5D25FCDF90838A28F2DFF4ED9E0E37DE3F5F1AB20AFE0A
B393323B9834656A2999198D4F02C1A159C6034D3C20C483D22A30AAB3810C0C
72CE64D50F9AA15B21631307D2143F426364634A7A2EE4B401EF76BD88C4FF3B
503CE7BCEFDFFB96B5DE78254F947598A410B86D3AAF597C7334E248C46DAE5B
2B7EE0CCFA45D2F53098CD8AA4CE73CB00ACE462D8490E6843BF05CD07854553
D4E8BF427C196D1D5FFCA52A5AF7162CC5CF4DF730EE3FE65B4381AC79662A15
8D28191F647572D5E159F35AE55120DDF56209A18F2CA95A28D3CA9408B90D68
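The indicators above are SHA-256 file hashes, so the first thing a responder does with them is sweep endpoints or file shares for matching files. The script below is an added example, not code from the pulse or from FortiGuard Labs: it walks a directory, hashes each regular file in chunks (so large files do not need to fit in memory), and reports any file whose digest appears in the indicator set. Comparison is case-insensitive because feeds publish hashes in mixed case. The `demo()` function and the file names it creates (`notes.txt`, `invoice.pdf.exe`) are constructed for illustration only and are not artifacts from the campaign.

```python
"""IOC sweep: hash files under a directory and flag any whose SHA-256 is in
the indicator set from this pulse. Added example; not part of the original
pulse or the FortiGuard Labs write-up."""
from __future__ import annotations

import hashlib
import os
import sys
import tempfile
from pathlib import Path
from typing import Iterable, Iterator, List, Tuple

# SHA-256 hashes copied from the pulse's "Associated Indicators" list,
# normalised to lower case so comparisons are case-insensitive.
PULSE_INDICATORS = frozenset(h.lower() for h in [
    "71B797032458AAB9B4A1A203E7CA413F009AF1961CFFB98590E34F672574599A",
    "7C4E613CF4DB19F54030097687227809F965A951A26A44A882692ECE6E642E3C",
    "16A4DE0540181BAB7C5D25FCDF90838A28F2DFF4ED9E0E37DE3F5F1AB20AFE0A",
    "B393323B9834656A2999198D4F02C1A159C6034D3C20C483D22A30AAB3810C0C",
    "72CE64D50F9AA15B21631307D2143F426364634A7A2EE4B401EF76BD88C4FF3B",
    "503CE7BCEFDFFB96B5DE78254F947598A410B86D3AAF597C7334E248C46DAE5B",
    "2B7EE0CCFA45D2F53098CD8AA4CE73CB00ACE462D8490E6843BF05CD07854553",
    "D4E8BF427C196D1D5FFCA52A5AF7162CC5CF4DF730EE3FE65B4381AC79662A15",
    "8D28191F647572D5E159F35AE55120DDF56209A18F2CA95A28D3CA9408B90D68",
])


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory buffer (used by the demo and tests)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in 1 MiB chunks so large files stream."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def iter_files(root: Path) -> Iterator[Path]:
    """Yield regular files under root; symlinks are skipped so a planted
    link cannot drag the sweep outside the tree or into a loop."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                yield p


def sweep(root: Path, indicators: Iterable[str] = PULSE_INDICATORS) -> List[Tuple[str, str]]:
    """Return (path, sha256) for every file under root whose hash is in
    indicators. Unreadable files are skipped rather than aborting the sweep."""
    wanted = {h.strip().lower() for h in indicators}
    hits: List[Tuple[str, str]] = []
    for p in iter_files(Path(root)):
        try:
            digest = sha256_file(p)
        except OSError:
            continue
        if digest in wanted:
            hits.append((str(p), digest))
    return hits


def demo() -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Constructed demo: two harmless files in a temp dir. Against the pulse
    indicators alone nothing matches; with the hash of one file appended to
    the indicator set (standing in for a real IOC), that file is reported."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_bytes(b"nothing to see here")
        sample = Path(tmp) / "Downloads" / "invoice.pdf.exe"  # hypothetical name
        sample.parent.mkdir()
        sample.write_bytes(b"hello")
        extended = set(PULSE_INDICATORS) | {sha256_bytes(b"hello")}
        pulse_only = [(os.path.basename(p), d) for p, d in sweep(Path(tmp))]
        with_extra = [(os.path.basename(p), d) for p, d in sweep(Path(tmp), extended)]
        return pulse_only, with_extra


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for path, digest in sweep(root):
        print(f"HIT {digest} {path}")
```

Run it as `python ioc_sweep.py /path/to/scan`; a hash match is strong evidence but not proof of infection, so treat a hit as the start of triage (who wrote the file, when, and what ran it), not the end. A packer change by the operators will defeat hash matching entirely, which is why the ATT&CK behaviours listed above (scheduled tasks, Run keys, PowerShell, process injection) are the more durable things to detect.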