Analysis of Ransomware With BAT File Extension Attacking MS-SQL Servers (Mallox) Posted By eastston , June 21, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered the Mallox ransomware with the BAT file extension being distributed to poorly managed MS-SQL servers. Extensions of files distributed to poorly managed MS-SQL servers include not only EXE but also BAT, which is a fileless format. The files distributed with the BAT file extension that has been discovered so far are Remcos RAT and Mallox. The distributions include cases that use PowerShell and sqlps. The sqlps distribution was covered on the…
Tracking Process Hollowing Malware Using EDR Posted By ohmintaek , June 1, 2023 AhnLab Security Emergency response Center (ASEC) once released a report on the types and distribution trends of .NET packers as shown in the post below. As indicated in the report, most .NET packers do not create actual malicious executables hidden via packing features in the local path, injecting malware in normal processes to run them instead. .NET packers are being exploited as initial distribution files or as mid-process loaders for various malware types such as Remcos, FormBook, ScrubCypt, AsyncRAT, etc. It…
Tracking Traces of Malware Disguised as Hancom Office Document File and Being Distributed (RedEyes) Posted By eastston , June 1, 2023 AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of malware disguised as Hancom Office document files. The malware that is being distributed is named “Who and What Threatens the World (Column).exe” and is designed to deceive users by using an icon that is similar to that of Hancom Office. Decompressing the compressed file reveals a relatively large file with a size of 36,466,238 bytes. AhnLab Endpoint Detection and Response (EDR) is capable of detecting such attack techniques through its…
