Decoding the Stealthy Memory-Only Malware
Essential information
- Published: 23/08/2024 09:11
- Modified: 23/08/2024 09:31
- Tags: 2024-08-23, cryptbot, infostealer, javascript, lummac.v2, malware, obfuscation, powershell, shadowladder
- Related entities: 23 observables, 1 technique (MITRE), 3 malware
Description
This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details the infection chain, which starts with movie-lure ZIP files containing malicious LNK files that launch a JavaScript dropper. This dropper then executes a PowerShell downloader script, PEAKLIGHT, which retrieves additional payloads from a content delivery network. The report examines several variations of PEAKLIGHT and the malware it delivers, including LUMMAC.V2, SHADOWLADDER, and CRYPTBOT. The analysis highlights the evasion and obfuscation techniques employed by the threat actors, such as system binary proxy execution and CDN abuse.