Backdoored configuration script waits until user is inactive (!) to run Linux malware VMRay Labs has found a backdoored build configuration script for httpd designed to drop and run the XMRig malware to mine Monero. ⛏️ ⏳ Surprisingly, the script waits until the user has been inactive for at least
Latrodectus updates to version 1.4 with AES-256 string encryption We found a new Latrodectus version (1.4) which switched its string encryption routine to AES-256. This new version also utilizes the /test/ C2 endpoint, indicating that it is an early testing sample for this version. In a nutshell: PRNG and XOR
Malware goes undetected by hiding malicious code in uncommon MS Access format 0/64 detections on VirusTotalas of 05.08.2024 The VMRay Labs team has uncovered a malware that goes completely undetected for weeks by hiding malicious p-code in MS Access’ uncommon ACCDE format. Microsoft Access allows users to export their databases
Malicious batch file reveals full behavior only when it’s started by a double-click. 0/64 detections on VirusTotal as of 04.07.2024 The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal with no security vendors flagging it (0/64). This batch file
Obfuscated batch file downloads open-source stealer straight from GitHub 0/64 detections on VirusTotal as of 03.07.2024 The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal, with no security vendors flagging it (0/64). This batch file downloads an open-source stealer
Malware executes its payload only when the screen is locked. 3/48 detections on VirusTotal as of 04.06.2024 The VMRay Labs team has uncovered a malicious Excel file uses macros to download an image from a remote resource – but hidden inside are the commands to execute the next payload Then
AgentTesla delivered via exploiting Microsoft Office 5/61 detections on VirusTotalas of 14.05.2024 Malicious Microsoft Excel document used to exploit a vulnerability in Equation Editor, leading to the execution of AgentTesla. 5 of 61 detections on VirusTotal HASH: dc62fc5febad93b231a91fcb806df63441c6dff69b9a7c793aec78373f45e888 XLS → Equation Editor → Agent Tesla Malicious code loaded via remote
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!
Ready to stress-test your malware sandbox? Join us for a no-fluff, all-demo webinar that shows you real techniques to evaluate and optimize your sandboxing solution!
