Quote:A newly discovered initial-stage malware dropper has been discovered sneaking by antivirus products, with the ultimate goal of delivering a double-pronged whammy of RevengeRAT and WSH RAT payloads onto targeted Windows machines.
A FortiGuard Labs team recently captured a sample file that had been flagged as suspicious, but which had a notably low detection rate in VirusTotal. After putting the code through manual analysis, it turns out that the file was designed to drop the duo of remote access trojans (RATs) via a multi-stage infection process.
The sample starts its process with a JavaScript code in a text editor, containing URL-encoded data.
“Once it’s decoded, we were able to uncover VBScript [Visual Basic Script] code,” explained Chris Navarrete and Xiaopeng Zhang, in an analysis posted Wednesday. “The author of this malware used simple character replacement when calling the ‘Chr()’ function in an attempt to hide the actual strings.”
Read more: https://threatpost.com/malware-dropper-d...ts/150271/
![[-]](https://www.geeks.fyi/images/collapse.png)
