
Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT, BitRAT, and PandoraHVNC

AveMariaRAT (also sold as Warzone RAT) is a remote access trojan: once running it gives the attacker remote control of the host, logs keystrokes, steals stored credentials, and can fetch and run further payloads. BitRAT is likewise a commercially sold RAT; it provides remote desktop and keylogging, enforces a backdoor on the infected computer, and downloads additional modules from the attacker's server. PandoraHVNC is a hidden-VNC (hVNC) tool: it opens a desktop session the victim cannot see, so the attacker can drive the machine, including the browser and its saved logins, without the user noticing.

Much of today's malware never exists as a conventional executable on disk: the payload lives in a script, a registry value, or only in process memory, and it is typically delivered through a phishing attachment or a drive-by in the browser. Staying off the disk is one of the main techniques authors use to remain undetected, because file-based antivirus has nothing to scan.

AveMariaRAT in this campaign is delivered fileless: no binary for the RAT is written to disk. The loader is an obfuscated PowerShell script that carries the payload as a base64-encoded command string; at run time it decodes the string and loads the resulting executable directly into memory, so the RAT runs inside the PowerShell process instead of as a file. The practical consequence for defenders is that the evidence is the PowerShell command line and the decoded script, not a file hash.
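The loader pattern above (an encoded PowerShell command that carries an executable as a base64 string and loads it in memory) can be triaged from the process command line alone. The following is an added example, not code from the original post or from the malware analysis it summarizes. It decodes a `-EncodedCommand` argument (PowerShell expects base64 of UTF-16LE text), carves long base64 runs out of the decoded script, and flags any run that decodes to a PE image. The sample command line, the inner script and the fake PE header are all constructed here for the example; the indicator list is an assumed set of common loader tells, not something the page specifies.

```python
"""Triage a PowerShell command line for fileless-loader tells: decode the
-EncodedCommand argument, carve embedded base64 blobs out of the script, and
flag blobs that decode to a PE image (an executable hidden in a base64 string)."""
import base64
import binascii
import re

# Constructed sample. A fake PE (DOS "MZ" header, e_lfanew pointing at a
# "PE\0\0" signature, zero filler) stands in for the real payload.
FAKE_PE = b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 200
INNER_SCRIPT = (
    "$b='" + base64.b64encode(FAKE_PE).decode() + "';"
    "$a=[System.Reflection.Assembly]::Load([Convert]::FromBase64String($b));"
    "$a.EntryPoint.Invoke($null,$null)"
)
# As it would appear in a Sysmon event 1 or Security 4688 CommandLine field.
SAMPLE_CMDLINE = (
    "powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand "
    + base64.b64encode(INNER_SCRIPT.encode("utf-16le")).decode()
)
BENIGN_CMDLINE = "powershell.exe -Command Get-Process | Sort-Object CPU"

# Assumed loader primitives worth flagging; matched as case-insensitive substrings.
LOADER_INDICATORS = [
    "Reflection.Assembly]::Load", "FromBase64String", "Invoke-Expression", "IEX ",
    "DownloadString", "VirtualAlloc", "EntryPoint.Invoke", "-W Hidden", "-Exec Bypass",
]

# -e, -ec, -enc and -EncodedCommand are all accepted by powershell.exe.
ENC_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\b\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


def decode_encoded_command(cmdline: str):
    """Return the script behind the encoded-command argument, or None."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def is_pe(data: bytes) -> bool:
    """DOS header + e_lfanew + PE signature check: enough to catch a raw
    image handed to Assembly::Load without pulling in a full PE parser."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def carve_blobs(text: str):
    """Decode every long base64 run; skip runs that are not valid base64."""
    out = []
    for m in B64_BLOB.finditer(text):
        try:
            out.append(base64.b64decode(m.group(0), validate=True))
        except binascii.Error:
            continue
    return out


def triage(cmdline: str) -> dict:
    """Score one command line: decoded script, matched indicators, number of
    embedded PE images, and a coarse verdict."""
    script = decode_encoded_command(cmdline)
    text = cmdline + ("\n" + script if script else "")
    low = text.lower()
    hits = [ind for ind in LOADER_INDICATORS if ind.lower() in low]
    pe_count = sum(1 for blob in carve_blobs(text) if is_pe(blob))
    if pe_count or len(hits) >= 3:
        verdict = "fileless-loader"
    elif script or hits:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return {"script": script, "indicators": hits, "embedded_pe": pe_count, "verdict": verdict}


if __name__ == "__main__":
    for line in (SAMPLE_CMDLINE, BENIGN_CMDLINE):
        r = triage(line)
        print(r["verdict"], r["indicators"], "embedded PE:", r["embedded_pe"])
```

Run it over the CommandLine field of your process-creation telemetry; the decoded script is what you keep as evidence, since the RAT itself never touches disk. Real loaders often compress or XOR the blob before base64-encoding it, so a negative `embedded_pe` result should not clear a command line that still trips several indicators.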

Once executed, the malware drops three files into the AppData\Roaming folder: Panda.exe, Panda64.exe and Panda32.exe. All three are 32-bit Windows binaries similar to other Panda RAT builds, so the campaign is not entirely fileless, and that folder is the first place to check when triaging a suspected host.

Today's cybersecurity threat is tomorrow's national security threat. The US Department of Homeland Security (DHS) Science and Technology Directorate (S&T), the National Cybersecurity and Communications Integration Center (NCCIC) and the Cyber Security Division (CSD) created a framework to detect and prevent malware attacks on critical infrastructure. It uses machine-learning classifiers trained on features derived from the in-memory representation of processes loaded by the operating system, which is what makes it relevant to fileless threats that leave nothing on disk. Most attacks that reach users include some form of malware, whether hidden inside malicious emails or embedded in vulnerable websites waiting for you to enter your information.

Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II - AlienVault - Open Threat Exchange
