AsyncRAT Distributed via WSF Script Posted By ch.lim , December 6, 2023 The AhnLab Security Emergency response Center (ASEC) analysis team previously posted about AsyncRAT being distributed via files with the .chm extension. [1] It was recently discovered that this type of AsyncRAT malware is now being distributed in WSF script format. The WSF file was found to be distributed in a compressed file (.zip) format through URLs contained within emails. [Download URLs]1. https://*****************.com.br/Pay5baea1WP7.zip2. https://************.za.com/Order_ed333c91f0fd.zip3. https://*************.com/PAY37846wp.zip4. https://*****.****.co/eBills37890913.zip Decompressing the first downloaded zip file yields a file with a .wsf file extension. This file mostly consists of…
Infostealer Being Distributed via Spam Email (AgentTesla) Posted By ohmintaek , October 10, 2023 AhnLab Security Emergency response Center (ASEC) spotted the AgentTesla Infostealer being distributed through an email in the form of a malicious BAT file. When the BAT file is executed, it employs the fileless method to run AgentTesla (EXE) without creating the file on the user’s PC. This blog post will provide an explanation of the distribution process, from the spam email to the final binary (AgentTesla), along with related techniques. Figure 1 shows the body of the spam email distributing…
AsyncRAT Being Distributed in Fileless Form Posted By jcleebobgatenet , August 24, 2022 The ASEC analysis team has recently discovered that malicious AsyncRAT codes are being distributed in fileless form. The distributed AsyncRAT is executed in fileless form through multiple script files and is thought to be distributed as a compressed file attachment in emails. AsyncRAT is an open-source RAT malware developed with .NET that can execute various malicious activities under the command of the attacker. The compressed file being distributed through phishing emails has an html file and executing this file will…
Change in Magniber Ransomware Vulnerability (CVE-2021-40444) Posted By jcleebobgatenet , October 15, 2021 Magniber is a fileless ransomware using an IE vulnerability and it is one of the ransomware that causes damage to numerous Korean users. It is difficult to prevent infection if not detected and blocked in advance during the vulnerability occurrence phase, which makes it difficult for anti-malware programs to detect it. Magniber ransomware had been distributed since March 15th, 2021 using CVE-2021-26411 vulnerability up to recently, but on September 16th, it was discovered that it changed to CVE-2021-40444 vulnerability. This…
Fileless Remcos RAT Malware Delivery Posted By jcleebobgatenet , July 29, 2021 The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. As for the malware, the team introduced it in detail in the post linked below this text. While the method of coming into the system through spam mails is the same as before, it should be noted that the Remcos RAT malware is ultimately delivered filelessly after going through multiple loader stages. In summary, the overall operation method is as follows: The attacker attaches…
