Category: Unknown Threats

2024-08-20

Latrodectus updates to version 1.4 with AES-256 string encryption

We found a new Latrodectus version (1.4) which switched its string encryption routine to AES-256. This new version also utilizes the /test/ C2 endpoint, indicating that it is an early testing sample for this version. In a nutshell: PRNG and XOR

2024-08-05

Malware goes undetected by hiding malicious code in uncommon MS Access format

0/64 detections on VirusTotal as of 05.08.2024. The VMRay Labs team has uncovered malware that goes completely undetected for weeks by hiding malicious p-code in MS Access' uncommon ACCDE format. Microsoft Access allows users to export their databases

2024-07-05

Malicious batch file reveals full behavior only when it's started by a double-click

0/64 detections on VirusTotal as of 04.07.2024. The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal, with no security vendors flagging it (0/64). This batch file

2024-07-04

Obfuscated batch file downloads open-source stealer straight from GitHub

0/64 detections on VirusTotal as of 03.07.2024. The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal, with no security vendors flagging it (0/64). This batch file downloads an open-source stealer

2024-06-04
Malware executes its payload only when the screen is locked

3/48 detections on VirusTotal as of 04.06.2024. The VMRay Labs team has uncovered a malicious Excel file that uses macros to download an image from a remote resource – but hidden inside are the commands to execute the next payload. Then

2024-05-14
AgentTesla delivered via exploiting Microsoft Office

5/61 detections on VirusTotal as of 14.05.2024. Malicious Microsoft Excel document used to exploit a vulnerability in Equation Editor, leading to the execution of AgentTesla. HASH: dc62fc5febad93b231a91fcb806df63441c6dff69b9a7c793aec78373f45e888. XLS → Equation Editor → Agent Tesla. Malicious code loaded via remote
