Spear Phishing Campaign Delivers VIP Keylogger via Email Attachment
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A sophisticated spear phishing campaign has been identified, distributing the VIP keylogger through email attachments. The malware is delivered via a ZIP file containing a malicious executable disguised as a PDF. Once executed, an AutoIt script drops two encrypted files, which are then decrypted and injected into RegSvcs.exe using process hollowing techniques. The VIP keylogger is designed to steal sensitive information by logging keystrokes, capturing credentials from popular web browsers, and monitoring clipboard activity. The campaign employs obfuscation techniques and maintains persistence through a VBS script in the Startup folder. The final payload exfiltrates data through SMTP and communicates with a command and control server.
OPENCTI LABELS:
process hollowing, spear phishing, obfuscation, exfiltration, autoit, data theft, persistence, vip keylogger
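
The behaviours in the summary (RegSvcs.exe as the hollowing target, SMTP exfiltration, a VBS script in the Startup folder) can be hunted in endpoint telemetry. The following is an added example, not part of the original report: a Python triage over Sysmon-style events (IDs 1, 3 and 11). The event dict layout, host names, file names and the user-writable-parent heuristic are assumptions, and the sample events are constructed.

```python
import ntpath

SMTP_PORTS = {25, 465, 587}
STARTUP_DIR = r"\microsoft\windows\start menu\programs\startup" + "\\"
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")  # assumed heuristic

def _name(path):
    return ntpath.basename(path or "").lower()

def triage(event):
    """Return the finding names raised by one Sysmon-style event dict."""
    findings = []
    eid, image = event.get("EventID"), event.get("Image", "")
    if eid == 1 and _name(image) == "regsvcs.exe":
        # Process create: RegSvcs.exe launched by a binary in a user-writable path
        parent = event.get("ParentImage", "").lower()
        if any(p in parent for p in USER_WRITABLE):
            findings.append("regsvcs_spawned_from_user_writable_path")
    elif eid == 3 and _name(image) == "regsvcs.exe":
        # Network connect: a .NET registration tool has no reason to speak SMTP
        if int(event.get("DestinationPort", 0)) in SMTP_PORTS:
            findings.append("regsvcs_smtp_connection")
    elif eid == 11:
        # File create: script persistence in a Startup folder
        target = event.get("TargetFilename", "").lower()
        if STARTUP_DIR in target and target.endswith(".vbs"):
            findings.append("vbs_dropped_in_startup")
    return findings

def correlate(events):
    """Collect distinct findings per host so multi-signal hosts stand out."""
    per_host = {}
    for ev in events:
        for f in triage(ev):
            per_host.setdefault(ev.get("Computer", "unknown"), set()).add(f)
    return {host: sorted(fs) for host, fs in per_host.items()}

REGSVCS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
SAMPLE_EVENTS = [  # constructed events; WS-01 matches the chain, WS-02 is benign
    {"Computer": "WS-01", "EventID": 1, "Image": REGSVCS,
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"Computer": "WS-01", "EventID": 3, "Image": REGSVCS, "DestinationPort": 587},
    {"Computer": "WS-01", "EventID": 11, "TargetFilename":
     r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.vbs"},
    {"Computer": "WS-02", "EventID": 1, "Image": REGSVCS,
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Computer": "WS-02", "EventID": 3, "DestinationPort": 587,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

A host that raises two or more of these findings together is a stronger lead than any single finding, since each one can occur on its own in benign administration.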