216.73.216.194

Wineloader - Analysis of the Infection Chain

· Published 06/06/2024 08:13 · Modified 06/06/2024 08:35

Export JSON

Essential information

Published
06/06/2024 08:13
Modified
06/06/2024 08:35
Tags
2024-06-06 backdoor javascript obfuscation persistence sideloading wineloader
Related entities
9 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware

Description

The analysis examines the , a modular malware attributed to the APT29 threat group, which allows further tools or modules to be downloaded through an encrypted command and control channel. It starts with a phishing email luring targets with a wine tasting event invitation. Executing the obfuscated HTA file downloads the payload, which utilizes and creates scheduled tasks or registry entries for . Techniques to deobfuscate the code are provided to extract valuable intelligence from obfuscated payloads.

External references