According to HP Threat Research, the actors behind RATDispenser may be using a Malware-as-a-Service (MaaS) model to deliver eight malware families.
STRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader, and Ratty are among the malware families supplied.
All of the payloads were identified as RATs, which collect information and allow attackers to take control of victims’ devices.
RATDispenser was used in the majority of the attacks to obtain initial access before launching secondary malware to take control of the device.
RATDispenser is used as a dropper in 94 percent of the examined samples, meaning that it does not communicate over the network to deliver a malicious payload.
The cmd[.]exe process is passed a long, chained argument. The echo function is then used to write sections of this argument to a new file. The VBScript file then executes and downloads the malware payload.
If the malware payload is downloaded successfully, it is run and the VBScript file is deleted.
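The process chain described above leaves a recognizable trace in process-creation logs: a single cmd.exe command line that builds a .vbs file from several chained echo writes and then launches it. The following detection sketch is an added example, not code from HP Threat Research; the threshold, function names and sample events are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed threshold (not from the page): tune against your own baseline.
MIN_ECHO_WRITES = 3

# One chained segment of the form: echo <text> > file.vbs  (or >> file.vbs)
ECHO_TO_VBS = re.compile(r'\becho\b.*?>{1,2}\s*"?([^"&|<>]+?\.vbs)"?\s*$', re.I)

def split_chain(cmdline):
    """Split a cmd.exe argument on & / &&, leaving caret-escaped ^& intact."""
    return [s.strip() for s in re.split(r'(?<!\^)&{1,2}', cmdline) if s.strip()]

def analyze(image, cmdline):
    """Return a finding if cmd.exe assembles a .vbs file with chained echo writes."""
    if not image.lower().endswith("cmd.exe"):
        return None
    segments = split_chain(cmdline)
    writes = Counter()
    for seg in segments:
        m = ECHO_TO_VBS.search(seg)
        if m:
            writes[m.group(1).strip().lower()] += 1
    if not writes:
        return None
    target, count = writes.most_common(1)[0]
    if count < MIN_ECHO_WRITES:
        return None
    # Any non-echo, non-delete segment that names the file counts as a launch.
    rest = [s.lower() for s in segments if not ECHO_TO_VBS.search(s)]
    executed = any(target in s and not s.startswith(("del ", "erase ")) for s in rest)
    return {"vbs_path": target, "echo_writes": count, "executed": executed}

# Constructed process-creation events (image, command line); echoed text is inert.
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    (CMD, r"cmd.exe /c echo REM part1 > %TEMP%\stage.vbs & echo REM part2 >> %TEMP%\stage.vbs"
          r" & echo REM part3 >> %TEMP%\stage.vbs & wscript.exe %TEMP%\stage.vbs"),
    (CMD, r"cmd.exe /c echo build ok > build.log"),
    (CMD, r"cmd.exe /c echo REM single line > note.vbs"),
]

if __name__ == "__main__":
    for image, cmdline in SAMPLE_EVENTS:
        print(analyze(image, cmdline))
```

Feed it the image path and command line from process-creation telemetry; a finding with `executed` set is the stronger signal, since legitimate scripts rarely write and launch a VBScript file in one command.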
RATDispenser is thought to be distributed as MaaS and has been seen spreading a variety of malware. As a result, enterprises should implement reliable anti-malware and anti-phishing solutions, as well as network firewalls. Furthermore, always