Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
July 11, 2024, 1:36 p.m.
Description
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideloading and IDATLoader to inject the final payload. The malicious activity culminates in the deployment of Lumma and Meduza Stealer for data theft.
Date
Published: July 11, 2024, 1:12 p.m.
Created: July 11, 2024, 1:12 p.m.
Modified: July 11, 2024, 1:36 p.m.
Indicators
Attack Patterns
Meduza Stealer
Lumma
T1218.005
T1574.002
T1566.002
T1071
T1055
T1036
T1027
T1190
T1059
Additional Information
Australia
Spain
United States of America