
A PAINFUL QUICKHEAL

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

This report analyzes a QUICKHEAL malware sample attributed to Needleminer (also tracked as RedFoxtrot / Nomad Panda), a group linked to the Chinese PLA. The sample is a 32-bit DLL protected by VMProtect, compiled in April 2022, and targets the telecom sector. It can steal credentials from Firefox and Internet Explorer. It communicates with its C2 server over HTTP and attempts to establish the connection through a proxy. To hinder analysis it uses several obfuscation techniques, including renaming cmd.exe before using it and resolving Windows API functions at runtime with a custom API resolver. The attackers' infrastructure, spanning multiple years and campaigns, shows poor operational security; their targeting covers diverse sectors and countries, including India, South Korea, and potentially the Middle East.
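The renamed-cmd.exe trick mentioned above is usually caught by comparing the on-disk image name with the OriginalFileName embedded in the PE version resource, which Sysmon records in its process-creation event (Event ID 1). The following Python is an added example written for this page, not code from the report or from the NetmanageIT instance; the events are constructed Sysmon-like records, and the set of watched names is an assumption that starts from the one binary the summary mentions.

```python
"""Flag process-creation events where the binary's embedded OriginalFileName
is cmd.exe but the file on disk is called something else (renamed cmd.exe).
Added example for this page; the sample events below are constructed."""
from __future__ import annotations

import ntpath
from typing import Iterable

# Binaries whose embedded OriginalFileName should normally match the image name.
# Assumption: cmd.exe is the only one the summary names; extend as needed.
WATCHED_ORIGINAL_NAMES = {"cmd.exe"}


def is_renamed_binary(event: dict) -> bool:
    """True when OriginalFileName (from the PE version resource) is a watched
    name but the image on disk carries a different file name."""
    original = event.get("OriginalFileName", "").lower()
    image_name = ntpath.basename(event.get("Image", "")).lower()
    return original in WATCHED_ORIGINAL_NAMES and image_name != original


def find_renamed_binaries(events: Iterable[dict]) -> list[dict]:
    """Return every event that trips the renamed-binary check."""
    return [e for e in events if is_renamed_binary(e)]


# Constructed Sysmon-like Event ID 1 records, not real telemetry.
# "Cmd.Exe" is the OriginalFileName Windows ships in cmd.exe's version info.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"Image": r"C:\Users\Public\svchost.exe",      # cmd.exe renamed to blend in
     "OriginalFileName": "Cmd.Exe",
     "CommandLine": "svchost.exe /c ipconfig /all"},
    {"Image": r"C:\Windows\System32\svchost.exe",  # genuine svchost, no alert
     "OriginalFileName": "svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for hit in find_renamed_binaries(SAMPLE_EVENTS):
        print("renamed cmd.exe:", hit["Image"], "->", hit["CommandLine"])
```

The check keys on the PE version resource rather than on the file name alone, so it still fires when the binary is copied under an arbitrary name; it will miss a sample whose version resource has been stripped or patched, which is a separate hunt.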

OPENCTI LABELS :

quickheal,vmprotect,pla,redfoxtrot,nomad panda



