Exposing FakeBat loader: distribution methods and adversary infrastructure

Published 02/07/2024 08:33 · Modified 02/07/2024 09:28

Essential information

Tags
2024-07-02 drive-by-download eugenfest eugenloader fakebat loader malvertising payk_34 paykloader social engineering
Related entities
200 observables, 1 intrusion sets (apt), 10 techniques (mitre), 3 malware

Description

During the first half of 2024, (aka , ) was one of the most widespread loaders relying on the drive-by download technique. Researchers uncovered multiple distribution campaigns that leveraged , software impersonation, fake web browser updates, and social engineering schemes on social networks to trick users into downloading the malware. Analysts monitored the C2 infrastructure and, since August 2023, identified over 130 domain names associated with high confidence with the C2 servers. The report provides IoCs, YARA rules, and tracking heuristics for monitoring both the distribution and the C2 infrastructure.

External references