New InnoSetup Malware Created Upon Each Download Attempt

June 27, 2024, 9:56 a.m.

Description

This security intelligence report describes a new malware distribution technique in which the malicious code is dynamically generated for each download attempt, so each sample has a unique hash value and evades detection. The malware, termed 'InnoLoader', disguises itself as a legitimate software installer and runs a complex sequence that downloads and executes additional payloads, including information stealers, adware, and malicious browser plugins. It employs evasion tactics such as varying C2 responses and downloading benign files to hinder analysis. The report underscores the evolving strategies threat actors use to distribute malware and compromise systems.

Date

Published: June 27, 2024, 9:34 a.m.
Created: June 27, 2024, 9:34 a.m.
Modified: June 27, 2024, 9:56 a.m.

Indicators

Attack Patterns

Socks5Systemz

Lu0Bot

StealC

T1542

T1064

T1137

T1574

T1105

T1204

T1195

T1566

T1059