Aggah malspam campaign updated with new payloads

silversurfer

An updated Aggah malspam campaign is distributing malicious Microsoft Office documents designed to trigger a multi-stage infection in order to target a user’s endpoint.

The campaign is depositing Agent Tesla, njRAT and Nanocore RAT in an attack that is being run out of several Pastebin accounts, reported Cisco Talos. As with previous Aggah attacks, which began in January 2020, it is initiated through a phishing email containing a malicious attachment, which downloads a VBScript that then initiates the attack, infecting the endpoint with the RAT.

The updated version of the malware uses an additional .NET binary (and embedded VBScript and PowerShell scripts) to disable protection and detection mechanisms on the infected endpoint. The attackers also altered the distribution of attack components across multiple free Pastebin accounts to modularize the attack infrastructure. Finally, they opened a new Pastebin PRO account to host all the final RAT payloads. A pro account enables the attackers to modify the pastes and serve different malware at different points in time, Cisco Talos explained.

All of these changes and improvements lead the Cisco Talos team to believe that actors behind Aggah will continue to use free infrastructure like Pastebin and that a continued expansion of their malware arsenal will continue.

Full report by Cisco Talos:
 
