root@hareez_eez05:~#

SecuriTea Bytes and Break

July 20, 2025

NionSpy RAT: Static & Dynamic Analysis Walkthrough of .exe Hijacker

RAT, short for Remote Access Trojan, is a well-known class of malware that has remained a favorite tool among cybercriminals for more than a decade. From old-school backdoors to modern modular threats, the concept stays the same: full remote control of the victim's system. In this analysis, we go through static and dynamic analysis to uncover its persistence tricks, command handling and infostealer features.

July 07, 2025

From Game to Gain: How a Malicious .jar Drops Dual Payloads Including a Fake RuneLite with Low Detection

A fake RuneScape private server site, ikovrsps[.]org, tricks users into downloading a malicious Ikov.jar file along with a Java runtime allegedly required to play the game. The file is actually a trojan that steals data, establishes persistence and drops two second-stage payloads: image.exe and images.exe. Both have low detection rates on VirusTotal, and one impersonates the legitimate RuneLite client. Here's how the attack chain unfolds.

May 05, 2025

Obfuscated PowerShell (with Batch Wrapper): From Obfuscation to In-Memory Execution of .NET payload

An obfuscated PowerShell script has been identified that loads a .NET assembly into memory and executes it from there. The sample is a batch file, but its PowerShell component exhibits multiple techniques commonly associated with fileless attacks: Base64 encoding, GZIP compression, byte-order manipulation and reflective in-memory loading via the .NET runtime. Deobfuscation and stepwise analysis reveal how the loader achieves stealthy execution without writing the final binary to disk, classic fileless tricks to stay hidden and annoy defenders.

February 20, 2025

Potentially Unwanted Application: OneStart

OneStart is one of those annoying programs that gets installed without you really wanting it. You download some free software, click through the installer too fast, and suddenly your browser has a new homepage and you're seeing extra ads everywhere. It is not exactly malware, but it is definitely unwanted.

January 10, 2025

Analysis: High False Positive Sample on VirusTotal

A walkthrough of the analysis of a sample that was flagged by a large number of antivirus engines on VirusTotal, yet turned out to be completely harmless. Such high false-positive rates are not uncommon, especially when scripts or tools used for internal automation resemble behaviors typically associated with malware.