RedLine steals various information such as web browser data, FTP client credentials, cryptocurrency wallets, and PC settings. It can also download additional malware by receiving commands from the C&C server. Like BeamWinHTTP, there have been numerous cases of RedLine being distributed disguised as a software crack file. The following are the confirmed C&C server domains for RedLine:

This week, Amadey Bot ranked second place with 12.2%. Amadey is a downloader that can receive commands from the attacker to download additional malware, and when its info-stealing modules are used, it can collect user credentials from the infected system. Usually, Amadey is installed by SmokeLoader, which is distributed disguised as normal programs and crack tools. Recently, however, Amadey has been distributed to corporate users through malicious document files attached to spam emails and has been used to install LockBit ransomware.

BeamWinHTTP is a downloader malware that ranked third place with 10.3% (tied with AgentTesla). It is distributed via malware disguised as a PUP installer.

Although AgentTesla normally uses email (i.e., the SMTP protocol) to exfiltrate the collected information, there are samples that used FTP or the Telegram API instead. The C&C information of recently collected samples is as follows:

Receiver: SMTP Server: mail.alnajimalzahir[.]com
Receiver: Telegram: hxxps://api.telegram[.]org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/
Receiver: Telegram: hxxps://api.telegram[.]org/bot5687731944:AAEDpsUftmaHrKNSGkOlhq0UZLPEvIUd8Bo/

As most samples are distributed through spam emails disguised as invoices, shipment documents, and purchase orders, the file names contain words such as Invoice, Shipment, and P.O. Multiple collected samples were disguised as files with pdf and xlsx extensions.

See also: How AgentTesla Malware is Being Distributed in Korea