Malware News Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs

Thread starter silversurfer
Start date Aug 1, 2018

silversurfer

Level 85

Thread author

Verified

Honorary Member

Top Poster

Content Creator

Malware Hunter

Well-known

Aug 1, 2018

#1

Content source: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abusing-settingcontent-ms-found-dropping-same-flawedammy-rat-distributed-by-necurs/

Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access Trojan) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file that opens Microsoft’s Windows Settings panel. Malicious SettingContent-ms files were found embedded in a PDF document that drops the aforementioned RAT.

Full Report: Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs - TrendLabs Security Intelligence Blog

Reactions: Fel Grossi, upnorth, harlan4096 and 2 others

You must log in or register to reply here.

Similar threads

Microsoft Warns of Campaign Dropping Flawedammyy RAT in Memory

Replies: 0

Views: 1,252

News Archive Jun 21, 2019

silversurfer

Spam campaign: Netwire RAT via paste.ee and MS Excel to German users

Replies: 8

Views: 1,038

News Archive May 14, 2020

upnorth

TA505 Spear Phishing Campaign Uses LOLBins to Avoid Detection

Replies: 0

Views: 1,115

News Archive Apr 25, 2019

LASER_oneXM

Top