Excel File Deploys Cobalt Strike at Ukraine
Essential information
- Published: 04/06/2024 17:24
- Modified: 04/06/2024 17:31
- Tags: 2024-06-04, evasion, excel, malware, ukraine
- Related entities: 10 observables, 13 techniques (MITRE), 2 malware, 2 others
Description
A sophisticated multi-stage cyberattack was identified that uses an Excel file with an embedded VBA macro to deploy a DLL file. The attacker employed various evasion techniques and a multi-stage malware strategy to deliver the notorious 'Cobalt Strike' payload and establish communication with a command and control server. The attack targeted Ukraine, relying on location-based payload downloads and on encoded strings that conceal crucial import strings and facilitate the deployment of DLL files for persistence and payload decryption. A self-deleting feature and a DLL injector with anti-debugging mechanisms were intended to evade detection, ultimately leading to the execution of Cobalt Strike on compromised endpoints in Ukraine.