Security researchers have discovered a new campaign, named Operation PZChao, targeting the government, technology, education and telecommunications sectors in Asia and the US.

Malware researchers from Bitdefender said they discovered a custom-built piece of malware which they have been monitoring for the last several months. The malware is capable of password stealing, bitcoin mining and gaining full control of the system.

Another interesting feature is that the malware uses a network of malicious subdomains, each one dedicated to a specific task such as download, upload, RAT-related actions or malware DLL delivery.

“An interesting feature of this threat, which drew our team to the challenge of analyzing it, is that it features a network of malicious subdomains, each one used for a specific task (download, upload, RAT related actions, malware DLL delivery). The payloads are diversified and include capabilities to download and execute additional binary files, collect private information and remotely execute commands on the system.”

Researchers said they found variants of Gh0st RAT, previously used in the Iron Tiger APT operation, among the most downloaded malicious files, which indicates a possible return of the Chinese APT group.

Victims are targeted through spear-phishing messages carrying a malicious VBS file as an attachment. Once executed, the VBS script downloads further malicious payloads to Windows systems from a distribution server. The IP address of the distribution server was identified as 125.7.152.55, located in South Korea, and the “.” The image below shows that new components are downloaded and executed on the infected host at every stage of the attack:

The first payload deployed to the infected system is a bitcoin miner, which is renamed to java.exe and mines bitcoin every three weeks at 3 AM.

To steal passwords from the compromised systems, the attacker deploys two versions of the Mimikatz password-scraping tool, one for each operating system architecture, x86 and x64.
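The chain described above (a VBS attachment fetching payloads from 125.7.152.55, a miner masquerading as java.exe on a 3 AM schedule, then Mimikatz for credentials) translates directly into a few hunting rules. The script below is an added example written for this page, not Bitdefender's or the article's own code: it runs four rules over a constructed, simplified Sysmon-style CSV log and reports hosts on which several stages fire together. The log layout, the list of legitimate Java install directories, the mail-client-parent heuristic for the phishing stage and the sample events are all assumptions constructed for the example, not real telemetry.

```python
import csv
import io
from collections import defaultdict

# Indicator from the article: the payload distribution server.
C2_IPS = {"125.7.152.55"}

# Assumption for this example: java.exe is only legitimate under a JRE/JDK
# install directory. Extend the list to match your own software baseline.
LEGIT_JAVA_DIRS = (
    "c:\\program files\\java\\",
    "c:\\program files (x86)\\java\\",
)

# Assumption: the VBS attachment is run by a script host spawned from a mail
# client, the expected shape of the spear-phishing stage.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Command-line fragments typical of Mimikatz credential dumping.
MIMIKATZ_MARKERS = ("mimikatz", "sekurlsa::", "privilege::debug", "lsadump::")

# Constructed sample log in a simplified Sysmon-like CSV layout (not real
# telemetry). Host ws-17 walks through the whole chain; ws-22 is clean.
SAMPLE_LOG = r"""
ts,host,event,image,cmdline,parent,dest_ip
2018-01-29T09:14:05,ws-17,ProcessCreate,C:\Windows\System32\wscript.exe,wscript.exe C:\Users\bob\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\invoice.vbs,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,
2018-01-29T09:14:09,ws-17,NetworkConnect,C:\Windows\System32\wscript.exe,,,125.7.152.55
2018-01-29T09:15:00,ws-17,ProcessCreate,C:\Program Files\Java\jre1.8.0_161\bin\java.exe,java.exe -jar app.jar,C:\Windows\explorer.exe,
2018-02-19T03:00:01,ws-17,ProcessCreate,C:\Users\bob\AppData\Roaming\java.exe,java.exe,C:\Windows\System32\svchost.exe,
2018-02-19T03:00:03,ws-17,NetworkConnect,C:\Users\bob\AppData\Roaming\java.exe,,,203.0.113.7
2018-02-19T03:05:10,ws-17,ProcessCreate,C:\Users\bob\AppData\Roaming\x64\m64.exe,m64.exe privilege::debug sekurlsa::logonpasswords exit,C:\Windows\System32\cmd.exe,
2018-02-19T10:00:00,ws-22,NetworkConnect,C:\Program Files\Mozilla Firefox\firefox.exe,,,93.184.216.34
"""


def _basename(path):
    """Last component of a Windows path (os.path.basename only splits on '/' on POSIX)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def script_host_from_mail_client(ev):
    """Phishing stage: wscript/cscript launched directly by a mail client."""
    if (ev["event"] == "ProcessCreate"
            and _basename(ev["image"]) in SCRIPT_HOSTS
            and _basename(ev["parent"]) in MAIL_CLIENTS):
        return f"{_basename(ev['image'])} spawned by {_basename(ev['parent'])}: {ev['cmdline']}"
    return None


def c2_connection(ev):
    """Download stage: any connection to the known distribution server."""
    if ev["event"] == "NetworkConnect" and ev["dest_ip"] in C2_IPS:
        return f"connection to known PZChao server {ev['dest_ip']}"
    return None


def masquerading_java(ev):
    """Miner stage: a java.exe started from outside any known Java install."""
    if ev["event"] != "ProcessCreate" or _basename(ev["image"]) != "java.exe":
        return None
    if any(ev["image"].lower().startswith(d) for d in LEGIT_JAVA_DIRS):
        return None
    hour = int(ev["ts"][11:13])  # ISO timestamp, hour field
    when = "off-hours (consistent with the 3 AM schedule)" if hour < 6 else "business hours"
    return f"java.exe outside a Java install dir, started during {when}"


def mimikatz_cmdline(ev):
    """Credential-theft stage: Mimikatz module syntax on a command line."""
    cmd = ev["cmdline"].lower()
    hits = [m for m in MIMIKATZ_MARKERS if m in cmd]
    return f"Mimikatz-style arguments: {', '.join(hits)}" if hits else None


RULES = {
    "phishing_vbs": script_host_from_mail_client,
    "c2_download": c2_connection,
    "miner_java_masquerade": masquerading_java,
    "mimikatz": mimikatz_cmdline,
}


def hunt(log_text):
    """Run every rule over every event; one finding per (event, rule) match."""
    findings = []
    for ev in csv.DictReader(io.StringIO(log_text.strip())):
        for name, rule in RULES.items():
            detail = rule(ev)
            if detail:
                findings.append({"rule": name, "ts": ev["ts"], "host": ev["host"], "detail": detail})
    return findings


def hosts_with_chain(findings, min_stages=3):
    """Hosts where at least min_stages distinct rules fired: one rule alone can
    be noise, several stages together look like the full PZChao chain."""
    stages = defaultdict(set)
    for f in findings:
        stages[f["host"]].add(f["rule"])
    return {h for h, s in stages.items() if len(s) >= min_stages}


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['host']:6} {f['rule']:22} {f['detail']}")
    print("hosts showing the full chain:", sorted(hosts_with_chain(found)))
```

On the constructed log the legitimate java.exe under C:\Program Files\Java and the unrelated Firefox connection on ws-22 produce nothing, while ws-17 trips all four stages. The per-host correlation in hosts_with_chain is the part worth keeping when adapting this to real telemetry: any single rule (a stray java.exe, a script host from Outlook) will have benign hits, but the same host showing the dropper, the download, the miner and the credential dump is the pattern the article describes.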