
Showing posts with the label OS Malware

Unknown Hacking Group Launching Custom Malware “Dudell” via Weaponized Microsoft Excel Documents

Researchers discovered a new wave of a custom malware campaign named "Dudell" from a previously unknown cyberespionage group dubbed Rancor. The Rancor threat group has been active since 2017 and continuously targeted government organizations until January 2019; in this current campaign, researchers discovered an undocumented custom malware. Additionally, the group uses another malware family called "Derusbi" to load a secondary payload once it infiltrates a target, and the malware is installed on the victim's machine in two rounds of attack. Researchers observed that the attacker used 149.28.156[.]61 to deliver either Derusbi or KHRat samples, with either cswksfwq.kfesv[.]xyz or connect.bafunpda[.]xyz as the C2. Rancor has a record of conducting targeted attacks in Southeast Asia throughout 2017 and 2018. DUDELL Malware Infection Process: DUDELL malware was initially observed in a weaponized Microsoft Excel document delivered via malspam...

Steals Chrome and Firefox Browser Data, Newly Evolved Malware Attack Drops Double Remote Access Trojan in Windows

Researchers discovered a new malware campaign that drops two different Remote Access Trojans (RATs) on targeted Windows systems and steals sensitive information from popular browsers such as Chrome and Firefox. The samples uncovered by Fortinet researchers drop the RevengeRAT and WSHRAT malware and have various obfuscation functionalities, using multiple stages to maintain persistence. RAT's Infection Process: RevengeRAT. The RAT infects victims through several stages. When opened, the malicious sample file contains JavaScript code with encoded data (visible in a text editor). Once decoded, it drops VBScript code that is responsible for dropping the next stage of the malware. The dropper then downloads the second-stage malicious downloader (the "A6p.vbs" file) from an external website; this file also contains obfuscated strings to avoid detection. If the downloader script executes successfully, it establishes a connection with...