Analysis of Golang Payload and Information Theft Campaign
July 30, 2024, 4:32 p.m.
Description
The report details a recent cyberattack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and neighbouring countries. The campaign used a novel Golang malware payload alongside Quasar RAT to collect sensitive information. The analysis covers the techniques used by the malware, including command execution, screen capture, and data exfiltration over encrypted channels, and offers insight into the group's evolving tactics and expanding arsenal of attack tools.
Date
Published: July 30, 2024, 4:14 p.m.
Created: July 30, 2024, 4:14 p.m.
Modified: July 30, 2024, 4:32 p.m.
Indicators
https://quranchapter.t-cdn.org/wp-includes/javascript/juicesdafekohioshfoshfhiofh/quran
https://espncrics.info/goaimdzfecbgrjjxdamdoo
https://daily-mashriq.org/goyxdrkhjilchyigflztv
http://172.81.60.46:1005
Attack Patterns
Client.exe
Winver.exe
APT-C-09 (Mozambique)
T1207
T1107
T1569.002
T1021.001
T1548.002
T1053.005
T1490
T1059.001
T1012
T1071.001
T1518.001
T1082
T1057
T1105
T1083
T1219
T1036
T1027
T1059
Additional Information
Pakistan