
New Steganographic Campaign Distributing Multiple Malware Variants

Published 17/03/2025 18:17 · Modified 18/03/2025 09:58


Essential information

Published
17/03/2025 18:17
Modified
18/03/2025 09:58
Tags
2025-03-17 CVE-2017-0199 agenttesla asyncrat dcrat obfuscation phishing process-hollowing remcos remote access trojan steganography vipkeylogger
Related entities
1 vulnerabilities (cve), 13 observables, 8 techniques (mitre), 5 malware

Description

A sophisticated steganographic campaign has been observed distributing multiple stealer malware variants, including , , , and . The infection chain begins with a email containing an Excel file that exploits . This leads to the download of an HTA file, which in turn downloads a VBS script. The script retrieves a JPG file concealing base64-encoded malware. The payload is then injected into legitimate processes using process hollowing techniques. The campaign demonstrates advanced evasion methods and the potential to deploy various remote access trojans, highlighting the need for robust cybersecurity practices.

External references