Analysis file.7z (MD5: A9A66A3B12E85D74D71D5F9677CD3601) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most types of threats in any environment. No installation and no waiting necessary.

Analysis lnvoice-1445766252.pdf.js (MD5: 258B1E8DE4924787FB4032649A9ACD49) Malicious activity - Interactive analysis ANY.RUN

Analysis lnvoice_1373246817.pdf (MD5: CAC599EFFEC2E9547357835415855BFF) No threats detected - Interactive analysis ANY.RUN

Analysis lnvoice-1578246817.js (MD5: 6C184AF6956751FD1F4861A06936F775) Malicious activity - Interactive analysis ANY.RUN

Fresh #hagga -> #origin logger:

https://app.any.run/tasks/b8a24849-de53-42de-9624-f40a217fe626

https://app.any.run/tasks/5ab5802c-a63a-4709-a213-115260f30b1b

via http:// abodiopdate. blogspot. com/////////////////////////////////////////////////////////////atom.xml

Analysis lnvoice#20336 .vbs (MD5: 8280D77F1FE4F3AD7E067180F6CF1AD9) Malicious activity - Interactive analysis ANY.RUN

Some fresh #hagga via:

http://adoblupdate[.blogspot.com///////////////////////////////////////////////////////////////////atom.xml

https://app.any.run/tasks/ef1a941b-9495-40ff-ad46-914e22f30236

#origin #logger

Analysis lnvoice#50449~Pdf.vbs (MD5: 76CB444A99DDAB3E56B9677094B65EF9) Malicious activity - Interactive analysis ANY.RUN

Pretty sure this is a #hagga vbs:

https:// bitbucket .org/mounmeinlylo/rikirollin/downloads/tomPayload.vbs

New post about #APT-C-36 #Hagga covering a detailed view of the infection of the last campaigns. From #NjRAT to #LimeRAT deployment.

https://lab52.io/blog/apt-c-36-from-njrat-to-apt-c-36/

APT-C-36: from NjRAT to LimeRAT

For a couple of months the #Aggah / #Hagga threat actor was low-key.
While it is back now, a string in the last-stage script might explain the absence (maybe a heartbreak?)

Leads to Xworm!

https://bazaar.abuse.ch/sample/836cd1dbb96268f267f46c20dec7ea50909184f8d163f418b95a3eee1271dcb4/

#Malware #Cybersecurity #Infosec