NordDragonScan: Quiet Data-Harvester on Windows

July 14, 2025, 2:17 p.m.

Description

A sophisticated infostealer dubbed NordDragonScan has been discovered targeting Windows systems through weaponized HTA scripts. The malware is distributed via shortened links that lead to RAR archives containing malicious LNK shortcuts. Once executed, NordDragonScan performs extensive reconnaissance, collecting system information, network details, browser data, and sensitive documents. It uses custom obfuscation techniques and establishes persistence through registry modifications. The stolen data is exfiltrated to a command-and-control server over TLS. The attack uses a variety of decoy documents to evade detection and maximize infection opportunities. NordDragonScan's capabilities include screenshot capture, Chrome and Firefox profile harvesting, and local network scanning.

Date

  • Created: July 14, 2025, 1:44 p.m.
  • Published: July 14, 2025, 1:44 p.m.
  • Modified: July 14, 2025, 2:17 p.m.

Indicators

  • fbffe681c61f9bba4c7abcb6e8fe09ef4d28166a10bfeb73281f874d84f69b3d
  • f8403e30dd495561dc0674a3b1aedaea5d6839808428069d98e30e19bd6dc045
  • f4f6beea11f21a053d27d719dab711a482ba0e2e42d160cefdbdad7a958b93d0
  • e07b33b5560bbef2e4ae055a062fdf5b6a7e5b097283a77a0ec87edb7a354725
  • 3f3e367d673cac778f3f562d0792e4829a919766460ae948ab2594d922a0edae
  • 9d1f587b1bd2cce1a14a1423a77eb746d126e1982a0a794f6b870a2d7178bd2c
  • 39c68962a6b0963b56085a0f1a2af25c7974a167b650cf99eb1acd433ecb772b
  • 2102c2178000f8c63d01fd9199400885d1449501337c4f9f51b7e444aa6fbf50
  • 7b2b757e09fa36f817568787f9eae8ca732dd372853bf13ea50649dbb62f0c5b
  • kpuszkiev.com
  • secfileshare.com
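
The indicators above are the practical hook for hunting: a file sweep keyed on the SHA-256 hashes and a DNS-log sweep keyed on the two domains. The following script is an added example, not code from the original report; it embeds the indicators published on this page, and the DNS log format (`<timestamp> <client_ip> <qname> <qtype>`), the sample log lines, and the demo file tree are constructed for the demonstration. Domain matching is label-aligned so that a subdomain of an IoC matches while a look-alike such as `notsecfileshare.com` does not.

```python
"""Hunt for the NordDragonScan indicators listed above in local files and DNS logs."""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 hashes and domains exactly as published in the Indicators list on this page.
SHA256_IOCS = {
    "fbffe681c61f9bba4c7abcb6e8fe09ef4d28166a10bfeb73281f874d84f69b3d",
    "f8403e30dd495561dc0674a3b1aedaea5d6839808428069d98e30e19bd6dc045",
    "f4f6beea11f21a053d27d719dab711a482ba0e2e42d160cefdbdad7a958b93d0",
    "e07b33b5560bbef2e4ae055a062fdf5b6a7e5b097283a77a0ec87edb7a354725",
    "3f3e367d673cac778f3f562d0792e4829a919766460ae948ab2594d922a0edae",
    "9d1f587b1bd2cce1a14a1423a77eb746d126e1982a0a794f6b870a2d7178bd2c",
    "39c68962a6b0963b56085a0f1a2af25c7974a167b650cf99eb1acd433ecb772b",
    "2102c2178000f8c63d01fd9199400885d1449501337c4f9f51b7e444aa6fbf50",
    "7b2b757e09fa36f817568787f9eae8ca732dd372853bf13ea50649dbb62f0c5b",
}
DOMAIN_IOCS = {"kpuszkiev.com", "secfileshare.com"}

# Constructed sample DNS log. The "<timestamp> <client_ip> <qname> <qtype>" layout
# is an assumption for this example, not a format the report describes.
SAMPLE_DNS_LOG = """\
2025-07-14T13:40:01Z 10.0.0.23 www.example.com A
2025-07-14T13:40:07Z 10.0.0.23 cdn.secfileshare.com A
2025-07-14T13:41:12Z 10.0.0.51 kpuszkiev.com. A
2025-07-14T13:41:13Z 10.0.0.51 kpuszkiev.com.lookalike.example A
2025-07-14T13:42:00Z 10.0.0.77 notsecfileshare.com A
malformed line
"""


def sha256_file(path):
    """Stream a file through SHA-256 so large archives never sit fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hunt_files(root, iocs=SHA256_IOCS):
    """Return [(path, sha256)] for every regular file under root whose hash is an IoC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                digest = sha256_file(p)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            if digest in iocs:
                hits.append((str(p), digest))
    return hits


def domain_matches(qname, iocs=DOMAIN_IOCS):
    """Return the IoC domain that qname equals or is a subdomain of, else None.

    Label-aligned: "cdn.secfileshare.com" matches, but "notsecfileshare.com"
    and "kpuszkiev.com.lookalike.example" do not.
    """
    q = qname.lower().rstrip(".")
    for d in iocs:
        if q == d or q.endswith("." + d):
            return d
    return None


def hunt_dns(log_text):
    """Return [(client_ip, qname, matched_ioc)] for log lines that query an IoC domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it but keep scanning
        _ts, client_ip, qname, _qtype = parts[:4]
        match = domain_matches(qname)
        if match:
            hits.append((client_ip, qname.rstrip("."), match))
    return hits


def build_demo_tree():
    """Create a temp directory with one benign file and one constructed 'planted' file.

    Returns (root, sha256_of_planted) so the file sweep runs offline; the planted
    content is a stand-in, not a real sample.
    """
    root = tempfile.mkdtemp(prefix="ndscan_hunt_")
    (Path(root) / "readme.txt").write_bytes(b"benign content\n")
    planted = Path(root) / "sub" / "invoice.rar"
    planted.parent.mkdir()
    planted.write_bytes(b"constructed stand-in for a malicious archive\n")
    return root, sha256_file(planted)


if __name__ == "__main__":
    root, planted_hash = build_demo_tree()
    print("file hits against published hashes:", hunt_files(root))
    print("file hits against planted hash:", hunt_files(root, {planted_hash}))
    print("dns hits:", hunt_dns(SAMPLE_DNS_LOG))
```

In production, point `hunt_files` at user download and temp directories (the RAR drop location described above) and feed `hunt_dns` from the resolver or proxy logs; a hash match is high confidence, while a DNS hit warrants checking the querying host for the LNK/HTA chain and the registry persistence the report describes.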

Attack Patterns