Decoding the Stealthy Memory-Only Malware
Aug. 23, 2024, 9:31 a.m.
Description
This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details the infection chain, which starts with movie-lure ZIP files containing malicious LNK files that launch a JavaScript dropper. The dropper in turn executes a PowerShell downloader script, PEAKLIGHT, which retrieves additional payloads from a content delivery network. The report examines several variants of PEAKLIGHT and the malware it delivers, including LUMMAC.V2, SHADOWLADDER, and CRYPTBOT. The analysis highlights the evasion techniques employed by the threat actors, such as system binary proxy execution (the Mshta sub-technique, T1218.005, listed under Attack Patterns below) and CDN abuse.
Date
Published: Aug. 23, 2024, 9:11 a.m.
Created: Aug. 23, 2024, 9:11 a.m.
Modified: Aug. 23, 2024, 9:31 a.m.
Indicators
bf1a0c67b433f52ebd304553f022baa34bfbca258c932d2b4b8b956b1467bfa5
9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6
6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
62.133.61.56
https://forikabrof.click/flkhfaiouwrqkhfasdrhfsa.png
https://brewdogebar.com/code.vue
http://gceight8vt.top/upload.php
http://62.133.61.56/Downloads/Full%20Video%20HD%20
http://62.133.61.56/Downloads/Full
http://62.133.61.56/Downloads
tropicalironexpressiw.shop
gceight8vt.top
forikabrof.click
brewdogebar.com
understanndtytonyguw.shop
relaxtionflouwerwi.shop
patternapplauderw.shop
messtimetabledkolvk.shop
horsedwollfedrwos.shop
detailbaconroollyws.shop
deprivedrinkyfaiir.shop
considerrycurrentyws.shop
Attack Patterns
SHADOWLADDER
LUMMAC.V2
CRYPTBOT
T1218.005