New Steganographic Campaign Distributing Multiple Malware Variants
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A sophisticated steganographic campaign has been observed distributing multiple stealer malware variants, including Remcos, DcRAT, AgentTesla, and VIPKeyLogger. The infection chain begins with a phishing email containing an Excel file that exploits CVE-2017-0199. This leads to the download of an HTA file, which in turn downloads a VBS script. The script retrieves a JPG file concealing base64-encoded malware. The payload is then injected into legitimate processes using process hollowing techniques. The campaign demonstrates advanced evasion methods and the potential to deploy various remote access trojans, highlighting the need for robust cybersecurity practices.
OPENCTI LABELS :
phishing,process hollowing,dcrat,remote access trojan,agenttesla,obfuscation,remcos,asyncrat,steganography,cve-2017-0199,vipkeylogger
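The last stage of the chain in the summary is a JPG that conceals base64-encoded malware. The following added example is not from the report or from OpenCTI; it is a defender-side check for that pattern which assumes the payload is appended after the JPEG End-Of-Image marker (the report does not say how the data is hidden) and uses constructed sample bytes rather than campaign artifacts.

```python
import base64
import binascii
import re
from typing import Optional

JPEG_SOI = b"\xff\xd8"   # Start Of Image
JPEG_EOI = b"\xff\xd9"   # End Of Image; a well-formed JPEG ends here

# Base64 text never contains 0xFF, so searching backwards for the last EOI
# lands on the real end of the image even when a base64 blob is appended.
def trailing_bytes_after_eoi(data: bytes) -> bytes:
    """Return bytes that follow the final JPEG EOI marker (empty if none or not a JPEG)."""
    if not data.startswith(JPEG_SOI):
        return b""
    idx = data.rfind(JPEG_EOI)
    return b"" if idx == -1 else data[idx + len(JPEG_EOI):]

_B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")

def decode_if_base64(blob: bytes) -> Optional[bytes]:
    """Decode blob if it is a plausible base64 string, otherwise return None."""
    text = re.sub(rb"\s+", b"", blob)       # tolerate line-wrapped base64
    if len(text) < 16 or not _B64_RE.match(text):
        return None
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error:
        return None

def scan_jpeg(data: bytes) -> dict:
    """Classify a JPEG as 'clean', 'trailing-data', 'trailing-base64' or 'suspicious' (base64 PE after EOI)."""
    tail = trailing_bytes_after_eoi(data)
    if not tail:
        return {"verdict": "clean", "trailing_len": 0, "decoded_magic": None}
    decoded = decode_if_base64(tail)
    if decoded is None:
        return {"verdict": "trailing-data", "trailing_len": len(tail), "decoded_magic": None}
    magic = decoded[:2]                     # "MZ" is the DOS/PE header magic
    verdict = "suspicious" if magic == b"MZ" else "trailing-base64"
    return {"verdict": verdict, "trailing_len": len(tail), "decoded_magic": magic}

# Constructed samples (not real campaign artifacts): a tiny JFIF shell, then the
# same image with a base64-encoded fake PE header appended after the EOI marker.
CLEAN_JPEG = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + JPEG_EOI
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60
STEGO_JPEG = CLEAN_JPEG + base64.b64encode(FAKE_PE)

if __name__ == "__main__":
    print(scan_jpeg(CLEAN_JPEG))   # verdict: clean
    print(scan_jpeg(STEGO_JPEG))   # verdict: suspicious, decoded_magic b"MZ"
```

A real image with EXIF thumbnails or appended metadata can also carry bytes after EOI, so the "trailing-data" verdict is a triage signal, not a conviction on its own.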