MetaStealer: String Decryption and DGA overview
Malware Analysis, News and Indicators - Latest topics malware.news
By: Jonathan McCay, Joshua Platt and Jason Reaves
Unit42[1] recently tweeted about a campaign starting with a malicious email link that downloads a OneNote file used to drop and execute MetaStealer. While investigating the MetaStealer sample[2], we noticed it attempts to connect to multiple domains that seemed to be randomly named. After landing on the C2 routine, we found that instead of decrypting a static list of servers, the sample used a domain generation algorithm[3] (DGA) to derive the list. Predominantly used as …