Dynamic Approaches Witnessed in AveMaria’s Distribution Strategy


The use of info-stealers by criminal operators has recently gained momentum in the cyber threat landscape. AveMaria, one such info-stealer, has been changing its tactics in order to infect more users. Zscaler researchers provided an in-depth analysis of the changes implemented as well as the new tactics, techniques, and procedures that characterise an AveMaria attack.
Recent discoveries 
Over the last six months, the operators behind the info-stealer have significantly reworked the execution stages in order to infect more users. The majority of these attacks were launched via phishing emails, the first of which was discovered in August 2022. Those phishing emails, sent to Ukrainian officials, carried an ISO file attachment containing three decoy documents and four shortcut (.lnk) files.
Experts discovered two versions of the AveMaria attack chain in December 2022 that used the Virtual Hard Disk file format to drop the malicious downloader. In one scenario, adversaries used a malicious .vhdx file to install the malware; in another, they used a type casting or type conversion mechanism (to manipulate bit values) and dropped a .vhd file as the initial payload.
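The two lures described above (an ISO carrying decoy documents plus shortcut files, and a VHD/VHDX used as the first-stage container) are easy to miss if mail filtering trusts the attachment's extension. The following Python is an added example, not code from the Zscaler analysis or from the AveMaria samples: it identifies ISO 9660, VHD, VHDX and Windows shortcut (.lnk) files by their magic bytes, flags attachments whose extension disagrees with their real type, and lists the root directory of an ISO without mounting it so shortcut files inside can be spotted. The attachment names, the minimal ISO builder and all sample bytes are constructed fixtures; the format offsets (PVD at sector 16, VHD "conectix" footer, VHDX "vhdxfile" signature, LNK header size 0x4C followed by the shell link CLSID) come from the public format specifications.

```python
"""Identify disk-image and shortcut lures by content rather than by file extension."""
import struct

SECTOR = 2048
ISO_PVD_OFFSET = 16 * SECTOR                      # Primary Volume Descriptor lives in sector 16
VHD_COOKIE = b"conectix"                          # VHD footer cookie (also mirrored at offset 0 on dynamic disks)
VHDX_SIGNATURE = b"vhdxfile"                      # VHDX file type identifier at offset 0
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}


def classify(data: bytes) -> str:
    """Return 'iso', 'vhdx', 'vhd', 'lnk' or 'unknown' from magic bytes alone."""
    if data[:8] == VHDX_SIGNATURE:
        return "vhdx"
    # Fixed VHDs carry the footer only in the last 512 bytes; dynamic ones also copy it to offset 0.
    if len(data) >= 512 and (data[-512:-504] == VHD_COOKIE or data[:8] == VHD_COOKIE):
        return "vhd"
    if len(data) > ISO_PVD_OFFSET + 6 and data[ISO_PVD_OFFSET + 1:ISO_PVD_OFFSET + 6] == b"CD001":
        return "iso"
    if len(data) >= 20 and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID:
        return "lnk"
    return "unknown"


def iso_root_entries(data: bytes) -> list[str]:
    """List file names in the root directory of an ISO 9660 image (no mounting needed).
    Only the root directory is walked; lure ISOs place decoys and shortcuts right there."""
    pvd = data[ISO_PVD_OFFSET:ISO_PVD_OFFSET + SECTOR]
    root = pvd[156:190]                                   # root directory record embedded in the PVD
    extent = struct.unpack_from("<I", root, 2)[0]         # both-endian field; little-endian half first
    size = struct.unpack_from("<I", root, 10)[0]
    directory = data[extent * SECTOR:extent * SECTOR + size]
    names, pos = [], 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:                                  # records never straddle sectors: skip padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        name_len = directory[pos + 32]
        name = directory[pos + 33:pos + 33 + name_len].decode("ascii", "replace")
        if name not in ("\x00", "\x01"):                  # the '.' and '..' entries
            names.append(name.split(";")[0])              # drop the ';1' version suffix
        pos += rec_len
    return names


def _dir_record(name: bytes, extent: int, size: int, flags: int) -> bytes:
    """Build one ISO 9660 directory record (fixture helper)."""
    rec = bytearray(33 + len(name))
    rec[0] = len(rec) + (len(rec) % 2)                    # records are padded to an even length
    struct.pack_into("<I", rec, 2, extent)
    struct.pack_into(">I", rec, 6, extent)
    struct.pack_into("<I", rec, 10, size)
    struct.pack_into(">I", rec, 14, size)
    rec[25] = flags
    struct.pack_into("<H", rec, 28, 1)
    struct.pack_into(">H", rec, 30, 1)
    rec[32] = len(name)
    rec[33:] = name
    return bytes(rec).ljust(rec[0], b"\x00")


def build_lure_iso(file_names: list[str]) -> bytes:
    """Construct a minimal ISO 9660 image whose root directory lists file_names.
    Test fixture only: PVD in sector 16, root directory in sector 18, file bodies omitted."""
    root_lba = 18
    records = _dir_record(b"\x00", root_lba, SECTOR, 2) + _dir_record(b"\x01", root_lba, SECTOR, 2)
    for i, name in enumerate(file_names):
        records += _dir_record(name.encode("ascii") + b";1", 19 + i, 0, 0)
    image = bytearray(SECTOR * 20)
    p = ISO_PVD_OFFSET
    image[p] = 1                                          # descriptor type: primary
    image[p + 1:p + 6] = b"CD001"
    image[p + 6] = 1                                      # descriptor version
    struct.pack_into("<H", image, p + 128, SECTOR)        # logical block size, both-endian
    struct.pack_into(">H", image, p + 130, SECTOR)
    image[p + 156:p + 190] = _dir_record(b"\x00", root_lba, SECTOR, 2)
    image[root_lba * SECTOR:root_lba * SECTOR + len(records)] = records
    return bytes(image)


def triage(attachments: dict[str, bytes]) -> list[tuple[str, str]]:
    """Flag attachments matching the delivery pattern: disk-image containers, shortcut files,
    extension/content mismatches, and shortcuts sitting in the root of an attached ISO."""
    findings = []
    for name, data in attachments.items():
        kind = classify(data)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if kind in ("iso", "vhd", "vhdx"):
            findings.append((name, f"disk-image container ({kind}) attached to mail"))
        if kind == "lnk":
            findings.append((name, "Windows shortcut attached to mail"))
        if kind != "unknown" and kind != ext:
            findings.append((name, f"extension .{ext} does not match content type {kind}"))
        if kind == "iso":
            shortcuts = [n for n in iso_root_entries(data) if n.lower().endswith(".lnk")]
            if shortcuts:
                findings.append((name, f"ISO root contains shortcut(s): {', '.join(shortcuts)}"))
    return findings


# Constructed fixtures (not real samples): names and bytes are made up for the demonstration.
SAMPLE_ATTACHMENTS = {
    "statement.iso": build_lure_iso(["REPORT.PDF", "NOTES.DOCX", "OPEN_ME.LNK"]),
    "invoice.pdf": VHDX_SIGNATURE + bytes(4096),                  # VHDX disguised as a PDF
    "archive.vhd": bytes(512) + VHD_COOKIE + bytes(504),          # footer in the last 512 bytes
    "contract.lnk": struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + bytes(LNK_HEADER_SIZE - 20),
    "readme.txt": b"plain text, nothing to see",
}

if __name__ == "__main__":
    for attachment, reason in triage(SAMPLE_ATTACHMENTS):
        print(f"{attachment}: {reason}")
```

Running the block prints one line per finding for the constructed mailbox: the ISO is reported both as a container and for the shortcut in its root, the mislabelled VHDX is reported twice (container plus extension mismatch), and the plain text file produces nothing. In a real pipeline the same checks would run on the raw attachment bytes before any extension-based allow-list is consulted.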
The malicious payload was delivered via AUloader in October 2022. To decrypt the AveMaria binary in memory a

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
