New Sophisticated Multi-Stage Malware Campaign Uses VBS Files to Execute PowerShell Script
gbhackers
A recently uncovered malware campaign has revealed a highly sophisticated, multi-stage infection process utilizing heavily obfuscated Visual Basic Script (VBS) files to deploy remote access trojans (RATs) such as Remcos, LimeRAT, DCRat, and AsyncRAT.
Discovered across a cluster of 16 open directories on various hosts, this campaign relies on a file named “sostener.vbs” (Spanish for “sustain”) as a key component of its initial payload.
Discovery of a Complex Malware Deployment System
The intricate design of this malware delivery system, which involves a three-stage process of obfuscation, dynamic script generation, and remote payload downloads, highlights the evolving tactics of modern cyber threats.

Researchers have noted potential ties to APT-C-36 (Blind Eagle), a Colombian threat actor known for similar techniques, though definitive attribution remains unconfirmed.
The malware operates through a meticulously crafted three-stage process. In the first stage, the obfuscated VBScript, often ...