The New Malware Distribution Service

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

This analysis describes a malware distribution service that delivers VBE files (Windows Script Encoder output, decoded by the script host at run time) inside archive attachments to spread several malware families, including AgentTesla, Remcos, Snake Keylogger, and NjRat. It details the infection chain: the script downloads encoded files from a command-and-control server, stages data in the registry, creates scheduled tasks, and injects the payload by process hollowing. In the analysed sample the final payload is Snake Keylogger, which steals keystrokes, screenshots, and clipboard contents.
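Added example, not code from the OpenCTI report or the underlying analysis: a small Python correlation routine that hunts for the chain summarised above by grouping Sysmon-style events per host into chain stages (script dropped from an archive, encoded script executed, payload blob staged in the registry, scheduled task pointing at a script in a user-writable path, hollowing host spawned by the script host). The event field names, the blob-size and stage-count thresholds, and the list of commonly hollowed signed binaries are assumptions, not indicators published in the report; the sample events are constructed.

```python
"""Hunt for the staged VBE-in-archive infection chain summarised above.

Added example, not code from the report. Correlates constructed
Sysmon-style events (ProcessCreate=1, FileCreate=11, RegistryValueSet=13,
Security 4698=scheduled task registered) into per-host stage matches.
Field names, thresholds and HOLLOW_TARGETS are assumptions.
"""
import re
from collections import defaultdict

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
STAGERS = SCRIPT_HOSTS + ("powershell.exe",)
ARCHIVERS = ("7zg.exe", "7z.exe", "winrar.exe", "explorer.exe")
# Assumption: signed binaries frequently used as hollowing hosts by .NET stealers.
HOLLOW_TARGETS = ("regasm.exe", "regsvcs.exe", "msbuild.exe",
                  "installutil.exe", "aspnet_compiler.exe")
# Script path in a user-writable location (download dir, profile, temp).
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\(downloads|appdata)|programdata|temp)\\", re.I)
# Registry value that is one long base64-looking blob (>= 4 KiB): staged payload.
BLOB = re.compile(r"^[A-Za-z0-9+/=]{4096,}$")
MIN_STAGES = 3  # assumption: three distinct stages on one host is worth an alert

SID = "S-1-5-21-1-2-3-1001"  # constructed
# Constructed sample telemetry, not real events.
EVENTS = [
    {"host": "WS01", "event_id": 11, "image": r"C:\Program Files\7-Zip\7zG.exe",
     "target": r"C:\Users\a\Downloads\invoice.vbe"},
    {"host": "WS01", "event_id": 1, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\a\Downloads\invoice.vbe"'},
    {"host": "WS01", "event_id": 13, "image": r"C:\Windows\System32\wscript.exe",
     "target": f"HKU\\{SID}\\Software\\Stage\\blob",
     "details": "TVqQAAMAAAAEAAAA" * 300},
    {"host": "WS01", "event_id": 4698, "task_name": r"\Updater",
     "task_command": r"wscript.exe //B C:\Users\a\AppData\Roaming\run.vbe"},
    {"host": "WS01", "event_id": 1,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe", "cmdline": "RegAsm.exe"},
    # Benign: domain logon script from a server share, plus a normal registry write.
    {"host": "WS02", "event_id": 1, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe",
     "cmdline": r"wscript.exe \\dc01\netlogon\logon.vbs"},
    {"host": "WS02", "event_id": 13, "image": r"C:\Windows\explorer.exe",
     "target": f"HKU\\{SID}\\Software\\Classes\\Local Settings\\MuiCache",
     "details": "Notepad"},
    # Single stage only: an encoded script ran, nothing else was seen.
    {"host": "WS03", "event_id": 1, "image": r"C:\Windows\System32\cscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"cscript.exe C:\Users\b\Downloads\readme.vbe"},
]


def _base(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Map one event to a chain stage name, or None if it matches nothing."""
    eid = ev.get("event_id")
    image = _base(ev.get("image", ""))
    parent = _base(ev.get("parent_image", ""))
    if eid == 11 and image in ARCHIVERS and \
            ev.get("target", "").lower().endswith((".vbe", ".vbs")):
        return "script_dropped_from_archive"
    if eid == 1 and image in SCRIPT_HOSTS and re.search(r"\.vbe\b", ev.get("cmdline", ""), re.I):
        return "encoded_script_executed"
    if eid == 13 and image in STAGERS and BLOB.match(ev.get("details", "")):
        return "payload_staged_in_registry"
    cmd = ev.get("task_command", "")
    if eid == 4698 and any(h in cmd.lower() for h in STAGERS) and USER_WRITABLE.search(cmd):
        return "scheduled_task_persistence"
    if eid == 1 and parent in SCRIPT_HOSTS and image in HOLLOW_TARGETS:
        return "hollowing_host_spawned"
    return None


def correlate(events):
    """Group stage matches per host; return {host: sorted list of stage names}."""
    stages = defaultdict(set)
    for ev in events:
        stage = classify(ev)
        if stage:
            stages[ev["host"]].add(stage)
    return {host: sorted(s) for host, s in stages.items()}


def flagged_hosts(events, min_stages=MIN_STAGES):
    """Hosts on which at least min_stages distinct stages of the chain were seen."""
    return sorted(h for h, s in correlate(events).items() if len(s) >= min_stages)


if __name__ == "__main__":
    for host, stages in correlate(EVENTS).items():
        print(host, stages)
    print("alert:", flagged_hosts(EVENTS))
```

Requiring several distinct stages on the same host is what keeps the logon-script host (WS02) and the single-event host (WS03) out of the alert while WS01, which shows all five, is flagged; in production the stage matches would also be bounded by a time window and keyed on the process GUID rather than only on the host name.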

OPENCTI LABELS :

keylogger,malware,agenttesla,injection,evasion,remcos,bladabindi,njrat,njw0rm,lv,ekans,snakehose,distribution

