Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
July 11, 2024, 1:36 p.m.
Description
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideloading and IDATLoader to inject the final payload. The malicious activity culminates in the deployment of Lumma and Meduza Stealer for data theft.
Tags
Date
- Created: July 11, 2024, 1:12 p.m.
- Published: July 11, 2024, 1:12 p.m.
- Modified: July 11, 2024, 1:36 p.m.
Indicators
Attack Patterns
- Meduza Stealer
- Lumma
- T1218.005
- T1574.002
- T1566.002
- T1071
- T1055
- T1036
- T1027
- T1190
- T1059
Additional Information
- Australia
- Spain
- United States of America