Multiple Malware Dropped Through MSI Package
Essential information
- Published: 14/08/2024 11:14
- Modified: 14/08/2024 11:44
- Tags: 2024-08-14, c2, dropper, persistence, powershell, redline, sectoprat, stealer
- Related entities: 11 observables, 12 techniques (mitre), 2 malware, 1 others
Description
An analysis reveals that an MSI package is being used to distribute malware, specifically SectopRat and the Redline stealer. The malware executes malicious scripts, disables security measures, and establishes persistence through scheduled tasks. It communicates with command-and-control servers located in Russia. The investigation underscores the importance of exercising caution when dealing with untrusted software packages.