Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
May 30, 2024, 7:31 a.m.
Tags
External References
Description
The report analyzes a campaign in which threat actors distribute a mix of malware, including RATs, coinminers, proxy tools, and loaders, disguised as cracked versions of popular software such as Microsoft Office. South Korean systems are heavily targeted; the malware persists via scheduled tasks and evades or impairs installed security products. The detailed technical analysis covers the attack flow, the functionality of each malware component, the evasion tactics, and the infrastructure used in the campaign.
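The persistence trait called out in the description (scheduled tasks that keep re-launching the dropped payloads) is something a responder can hunt for directly in the Task Scheduler XML under C:\Windows\System32\Tasks or in `schtasks /query /xml` exports. The following triage script is an added example written for this page, not code from the report or from any of the listed malware families. The task names, the author, the file paths and both sample task definitions are constructed for illustration; the heuristics (execution from user-writable directories, hidden tasks, highest-privilege run level, logon/boot triggers, tight repetition intervals, interpreters launched with encoded or hidden flags) are generic and will also surface tasks from other commodity campaigns.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Task Scheduler XML namespace (fixed by Windows, not an assumption).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Heuristics: directories legitimate tasks rarely execute from, interpreters
# favoured by script-based loaders, and flags that hide or decode a payload.
# All matches are lowercase substring matches.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "wscript", "cscript", "mshta", "regsvr32", "rundll32")
SUSPICIOUS_FLAGS = ("-enc", "-w hidden", "-windowstyle hidden", "iex", "downloadstring", "-nop")


def _texts(root, path):
    return [(e.text or "").strip() for e in root.findall(path, NS)]


def _first(values):
    return values[0] if values else ""


def triage_task(xml_text: str) -> dict:
    """Parse one task definition and return the persistence/evasion traits it shows."""
    root = ET.fromstring(xml_text)
    commands = _texts(root, ".//t:Actions/t:Exec/t:Command")
    arguments = _texts(root, ".//t:Actions/t:Exec/t:Arguments")
    author = _first(_texts(root, ".//t:RegistrationInfo/t:Author"))
    run_level = _first(_texts(root, ".//t:Principals/t:Principal/t:RunLevel")).lower()
    hidden = _first(_texts(root, ".//t:Settings/t:Hidden")).lower() == "true"
    intervals = _texts(root, ".//t:Repetition/t:Interval")
    autostart = any(root.find(f".//t:Triggers/t:{tag}", NS) is not None
                    for tag in ("LogonTrigger", "BootTrigger"))

    findings = []
    for cmd in commands:
        if any(d in cmd.lower() for d in USER_WRITABLE):
            findings.append(f"executes from user-writable path: {cmd}")
    cmdline = " ".join(commands + arguments).lower()
    if any(i in cmdline for i in INTERPRETERS) and any(f in cmdline for f in SUSPICIOUS_FLAGS):
        findings.append("interpreter launched with encoded/hidden/download flags")
    if hidden:
        findings.append("task marked Hidden")
    if run_level == "highestavailable":
        findings.append("runs with highest available privileges")
    if autostart:
        findings.append("logon/boot autostart trigger")
    for iv in intervals:
        # ISO 8601 duration such as PT10M. A tight loop keeps a killed payload coming back.
        m = re.fullmatch(r"PT(\d+)M", iv)
        if m and int(m.group(1)) <= 15:
            findings.append(f"tight repetition interval {iv}")
    return {"author": author, "commands": commands, "findings": findings}


def scan_tasks(task_dir: str) -> list:
    """Walk a Tasks folder (or a folder of exported XML) and keep only tasks with findings."""
    results = []
    for p in Path(task_dir).rglob("*"):
        if not p.is_file():
            continue
        raw = p.read_bytes()
        # Files under System32\Tasks are UTF-16 with a BOM; schtasks exports may be UTF-8.
        text = raw.decode("utf-16") if raw.startswith((b"\xff\xfe", b"\xfe\xff")) else raw.decode("utf-8", "replace")
        try:
            result = triage_task(text)
        except ET.ParseError:
            continue
        if result["findings"]:
            result["path"] = str(p)
            results.append(result)
    return results


# Constructed sample: a task of the kind this page's persistence description implies.
# Every name and path here is invented.
SUSPICIOUS_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>DESKTOP-EXAMPLE\user</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled>
    <Repetition><Interval>PT10M</Interval></Repetition></LogonTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\user\AppData\Roaming\svc\update.exe</Command><Arguments>/silent</Arguments>
  </Exec></Actions>
</Task>
"""

# Constructed sample of an ordinary vendor updater task, for contrast.
BENIGN_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>Example Vendor</Author></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2024-05-30T03:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\Example Vendor\updater.exe</Command><Arguments>/check</Arguments>
  </Exec></Actions>
</Task>
"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_TASK), ("benign", BENIGN_TASK)):
        print(name, triage_task(xml)["findings"])
```

Run `scan_tasks(r"C:\Windows\System32\Tasks")` from an elevated prompt on a live host, or point it at a copy of the folder taken from a disk image. Each finding on its own is common in legitimate software; several together on a task whose author is a local user account and whose binary sits under AppData is what should be pulled for analysis.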
Date
Published: May 30, 2024, 7:10 a.m.
Created: May 30, 2024, 7:10 a.m.
Modified: May 30, 2024, 7:31 a.m.
Indicators
Attack Patterns
3Proxy
AntiAV
OrcusRAT
PureCrypter
XMRig
T1038 - DLL Search Order Hijacking (deprecated, merged into T1574.001)
T1064 - Scripting (deprecated, merged into T1059)
T1497 - Virtualization/Sandbox Evasion
T1005 - Data from Local System
T1489 - Service Stop
T1547 - Boot or Logon Autostart Execution
T1518 - Software Discovery
T1057 - Process Discovery
T1105 - Ingress Tool Transfer
T1543 - Create or Modify System Process
T1134 - Access Token Manipulation
T1027 - Obfuscated Files or Information
T1053 - Scheduled Task/Job
T1562 - Impair Defenses
T1059 - Command and Scripting Interpreter