
What did the researchers find out about RATDispenser?


Last Updated on 29/11/2021 by Nidhi Khandelwal

According to HP Threat Research, the actors behind RATDispenser may be using a Malware-as-a-Service (MaaS) model to distribute eight malware families.

STRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader, and Ratty are among the malware families supplied.

All of the payloads were identified as RATs, which collect information and allow attackers to take control of victims’ devices.


RATDispenser was used in the majority of the attacks to obtain initial access before launching secondary malware to take control of the device.

RATDispenser acts as a dropper in 94 percent of the examined samples, meaning that it does not communicate over the network to deliver a malicious payload.

The infection chain starts when a user receives an email containing a malicious attachment, for instance a JavaScript file (.js) disguised as a text file providing order information.


When a user double-clicks the file to open it, the malware is executed. The JavaScript then decodes itself at runtime and uses cmd[.]exe to write a VBScript file to the %TEMP% folder.

The cmd[.]exe process is passed a long, chained argument, and the echo function is used to write sections of it to a new file. The VBScript file then executes and downloads the malware payload.

If the malware payload is downloaded successfully, it is run and the VBScript file is deleted.
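As an added example (not taken from HP's report or from this article), the following Python flags process-creation events in which a script host spawns cmd.exe with chained echo redirects into a .vbs file under %TEMP%, the stage described above. The event field names, the two-write threshold and the sample events are assumptions constructed for illustration.

```python
import re

# Windows Script Host binaries; a double-clicked .js attachment runs under wscript.exe.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# One link of the chained argument: echo <text> > or >> <path>.vbs
ECHO_TO_VBS = re.compile(r'\becho\b[^&|]*?>{1,2}\s*"?([^"&|>]+?\.vbs)"?', re.I)
TEMP_DIR = re.compile(r'%temp%|\\appdata\\local\\temp\\', re.I)

def exe_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def check_event(event):
    """Return a finding dict if the event matches the dropper stage, else None."""
    if exe_name(event["image"]) != "cmd.exe":
        return None
    if exe_name(event["parent_image"]) not in SCRIPT_HOSTS:
        return None
    cmdline = event["command_line"]
    targets = [t.strip() for t in ECHO_TO_VBS.findall(cmdline)]
    temp_targets = [t for t in targets if TEMP_DIR.search(t)]
    if len(temp_targets) < 2:  # assumed threshold: one echo is common in admin scripts
        return None
    path = temp_targets[0]
    # If the path appears more often than it is written, it is also launched.
    writes = sum(t.lower() == path.lower() for t in temp_targets)
    launched = cmdline.lower().count(path.lower()) > writes
    return {"pid": event["pid"], "vbs_path": path,
            "echo_writes": len(temp_targets), "launched": launched}

def scan(events):
    return [f for f in map(check_event, events) if f]

# Constructed events with hypothetical field names (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c echo REM part1 > %TEMP%\sample.vbs & "
                     r"echo REM part2 >> %TEMP%\sample.vbs & "
                     r"echo REM part3 >> %TEMP%\sample.vbs & wscript %TEMP%\sample.vbs"},
    {"pid": 5200, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c echo build done >> C:\logs\build.log"},
    {"pid": 6310, "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c echo WScript.Quit > C:\tools\noop.vbs"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Only the first constructed event is reported; the other two show the benign shapes the parent-process and TEMP conditions are there to exclude.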

RATDispenser is thought to be distributed as MaaS and has been seen spreading a variety of malware. As a result, enterprises should implement reliable anti-malware and anti-phishing solutions, as well as network firewalls. Furthermore, always
