‘DarkTortilla’ Crypter Produces Targeted Malware

Researchers from Secureworks examined “DarkTortilla,” a .NET-based crypter used to distribute both well-known malware and custom payloads.
Agent Tesla, AsyncRat, NanoCore, and RedLine were among the information stealers and remote access trojans (RATs) delivered by DarkTortilla, which has probably been active since 2015. It was also observed delivering targeted payloads such as Cobalt Strike and Metasploit.
Crypters are software tools that combine encryption, obfuscation, and code manipulation so that the malware they wrap evades detection by security products.
The highly configurable and complex crypter averaged 93 samples per week between January 2021 and May 2022. It can also deliver add-ons, such as additional payloads, decoy documents, and executables, and it appears to be particularly popular among attackers.
Secureworks analysts have also found code similarities with a crypter used by the RATs Crew threat group between 2008 and 2011, and with Gameloader, malware discovered in 2021.
The malicious spam emails that deliver DarkTortilla contain archives with an executable for an initial loader, which decodes and runs a core processor module that is either hidden within the email itself or downloaded from text-storage websites like

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents