The Agenda ransomware group has expanded its capabilities by incorporating SmokeLoader malware and a new loader called NETXLOADER. NETXLOADER is a heavily obfuscated .NET-based loader that uses advanced techniques to evade detection and complicate analysis. The group has been targeting the healthcare, technology, financial services, and telecommunications sectors across multiple countries. NETXLOADER employs methods such as JIT hooking, API obfuscation, and memory manipulation to deploy payloads including Agenda ransomware and SmokeLoader. The attack chain involves multiple stages of evasion, discovery, and command-and-control communication. This evolution in tactics increases the risk of data theft and device compromise for potential targets.
Author: AlienVault
Related Tags:
T1134.002
T1573.001
evasion
Netherlands
Rust
Philippines
SmokeLoader
T1071.001
ransomware
Associated Indicators: