This analysis uncovers a novel malware distribution mechanism that uses VBE scripts stored in archive files to spread several malware families, including AgentTesla, Remcos, Snake, and NjRat. It details the infection chain: downloading encoded files from a command-and-control server, storing data in the registry, creating scheduled tasks, and using techniques such as process hollowing to inject the payload. The final payload is identified as the SNAKE Keylogger, known for stealing sensitive data such as keystrokes, screenshots, and clipboard contents.
Author: AlienVault
Related Tags:
ekans
LV
SNAKEHOSE
EKANS – S0605
Bladabindi
Njw0rm
njRAT – S0385
T1558
injection
Associated Indicators: