Analysis of Golang Payload and Information Theft Campaign

July 30, 2024, 4:32 p.m.

Description

The report details a recent campaign attributed to APT-C-09 (Patchwork; the "Mozambique" label on this page is a mistranslation of the group's Chinese alias 摩诃草), a threat group that has historically targeted Pakistan and neighbouring countries. The campaign paired a previously unseen Golang payload with Quasar RAT to collect sensitive information from victims. The analysis covers the malware's capabilities, including remote command execution, screen capture, and exfiltration of the collected data over encrypted channels, and discusses the group's evolving tactics and its expanding set of attack tools.

Date

Published: July 30, 2024, 4:14 p.m.

Created: July 30, 2024, 4:14 p.m.

Modified: July 30, 2024, 4:32 p.m.

Indicators

https://quranchapter.t-cdn.org/wp-includes/javascript/juicesdafekohioshfoshfhiofh/quran

https://espncrics.info/goaimdzfecbgrjjxdamdoo

https://daily-mashriq.org/goyxdrkhjilchyigflztv

http://172.81.60.46:1005
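The indicators above are listed raw (not defanged) and should not be browsed directly. As an added example that is not part of the original report, the script below turns them into a host-indexed watchlist and runs constructed proxy log lines against it, distinguishing a host-only hit (the domain may be a legitimate site abused for hosting) from a full URL hit. The log format, sample lines and function names are assumptions for illustration; only the indicator values come from the report.

```python
"""Match the indicators listed in this report against proxy log lines.

Added example, not part of the original report. The log lines below are
constructed for illustration; the indicator values are taken verbatim from
the report's Indicators section.
"""
from urllib.parse import urlsplit

# Indicators copied from the report (three URLs and one raw host:port).
INDICATORS = [
    "https://quranchapter.t-cdn.org/wp-includes/javascript/juicesdafekohioshfoshfhiofh/quran",
    "https://espncrics.info/goaimdzfecbgrjjxdamdoo",
    "https://daily-mashriq.org/goyxdrkhjilchyigflztv",
    "http://172.81.60.46:1005",
]


def normalize(indicator):
    """Return (host, port, path) for a URL or bare host[:port] indicator.

    The host is lower-cased and the port defaults by scheme, so a log entry
    for 'https://espncrics.info:443/...' still matches the indicator.
    Raises ValueError for strings with no usable host or a bad port.
    """
    if "://" not in indicator:
        indicator = "http://" + indicator
    parts = urlsplit(indicator)
    if not parts.hostname:
        raise ValueError("no host in %r" % indicator)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname.lower(), port, parts.path or "/"


def build_watchlist(indicators):
    """Index (port, path) pairs by host so each log line is one dict lookup."""
    watch = {}
    for ind in indicators:
        host, port, path = normalize(ind)
        watch.setdefault(host, []).append((port, path))
    return watch


def check_log_line(line, watch):
    """Check one assumed 'ts src_ip method url' proxy line.

    Returns a match record or None. A host match alone is reported as
    level 'host'; host, port and path prefix together as level 'url', so
    analysts can triage the two differently.
    """
    fields = line.split()
    if len(fields) < 4:
        return None
    ts, src, _method, url = fields[:4]
    try:
        host, port, path = normalize(url)
    except ValueError:
        return None
    if host not in watch:
        return None
    level = "host"
    for w_port, w_path in watch[host]:
        if port == w_port and path.startswith(w_path):
            level = "url"
    return {"ts": ts, "src": src, "host": host, "port": port, "level": level}


def scan(lines, indicators=INDICATORS):
    """Run every line through the watchlist and return the matches in order."""
    watch = build_watchlist(indicators)
    return [m for m in (check_log_line(line, watch) for line in lines) if m]


# Constructed sample proxy lines (not taken from the report).
SAMPLE_LOG = [
    "2024-07-30T10:01:02Z 10.0.0.15 GET https://espncrics.info/goaimdzfecbgrjjxdamdoo",
    "2024-07-30T10:01:05Z 10.0.0.15 GET https://www.espncricinfo.com/live",
    "2024-07-30T10:02:10Z 10.0.0.22 GET http://172.81.60.46:1005/",
    "2024-07-30T10:03:00Z 10.0.0.22 GET https://daily-mashriq.org/index.html",
]

if __name__ == "__main__":
    for match in scan(SAMPLE_LOG):
        print(match)
```

The look-alike domain espncricinfo.com in the sample is deliberately not matched: the watchlist keys on the exact indicator host, so a substring check is never used, which avoids false positives on the legitimate sites these domains imitate.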

Attack Patterns

Client.exe

Winver.exe

APT-C-09 (Patchwork / 摩诃草)

T1207 Rogue Domain Controller

T1107 File Deletion (retired ID, now T1070.004 Indicator Removal: File Deletion)

T1569.002 System Services: Service Execution

T1021.001 Remote Services: Remote Desktop Protocol

T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control

T1053.005 Scheduled Task/Job: Scheduled Task

T1490 Inhibit System Recovery

T1059.001 Command and Scripting Interpreter: PowerShell

T1012 Query Registry

T1071.001 Application Layer Protocol: Web Protocols

T1518.001 Software Discovery: Security Software Discovery

T1082 System Information Discovery

T1057 Process Discovery

T1105 Ingress Tool Transfer

T1083 File and Directory Discovery

T1219 Remote Access Software

T1036 Masquerading

T1027 Obfuscated Files or Information

T1059 Command and Scripting Interpreter

Additional Information

Pakistan