Increase in Distribution of AutoIt Compile Malware via Phishing Emails

The distribution of malware compiled with AutoIt has been rapidly increasing, surpassing .NET-type malware. AutoIt, a scripting language for Windows automation, is preferred due to its ease of compilation into EXE files and fewer dependencies. The trend began in August 2024, with AutoIt malware nearly matching .NET malware distribution by December. XLoader was the most distributed malware, followed by SnakeKeylogger, RedLine, AgentTesla, and RemcosRAT. The report discusses the structure of AutoIt executables, noting changes in how the script is included and encrypted in different versions. Three specific cases of AutoIt malware distribution are mentioned, highlighting the growing threat posed by this type of malware in phishing campaigns.

Author: AlienVault

Related Tags: T1059.005, T1588.002, RemcosRAT, XLoader, AgentTesla, infostealer, RedLine, autoit, T1204

Associated Indicators: