Malware Spotlight: A Deep-Dive Analysis of WezRat

Nov. 15, 2024, 9 a.m.

Description

Check Point Research provides a comprehensive analysis of WezRat, a custom modular infostealer attributed to the Iranian cyber group Emennet Pasargad. The malware has been active for over a year, targeting organizations in multiple countries. WezRat's capabilities include executing commands, taking screenshots, uploading files, keylogging, and stealing clipboard content and cookie files. The analysis reveals the malware's evolution, its modular architecture, and the threat actors' infrastructure. The latest version was distributed through a phishing campaign impersonating the Israeli National Cyber Directorate, demonstrating the group's ongoing development and refinement of this versatile cyber espionage tool.

Date

  • Created: Nov. 14, 2024, 7:13 p.m.
  • Published: Nov. 14, 2024, 7:13 p.m.
  • Modified: Nov. 15, 2024, 9 a.m.

Attack Patterns

Additional Information

  • Government
  • Sweden
  • France
  • Israel
  • United States of America