Do you like attack cycles of #malware?

Then the #TA558 threat actor may excite you.

The malware starts from a marketing spam link that downloads a zip, which contains a WSF (Windows Script File). The job of the WSF is to download a PowerShell script, which does reflective injection into AddInProcess32.exe to load AsyncRAT in that process, perform theft and report back to the C2.

Ignore the ~ in the image and you can see AddInProcess32.exe.

Sample: https://bazaar.abuse.ch/sample/355440683f3a5acfa576e278ae407edf38a17d2350ec5359de49c37b714fe4ef/

#CyberSecurity #Infosec
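
A detection sketch for the chain described above, added here as an example and not taken from the original post or the sample: it walks process ancestry and flags AddInProcess32.exe when it descends from PowerShell that was itself started by a script host running a .wsf file. The event fields, PIDs and paths are constructed, and it assumes the injected AddInProcess32.exe appears as a descendant of the PowerShell process in process-creation telemetry.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
TARGET = "addinprocess32.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events (simplified Sysmon Event ID 1 fields).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\user\Downloads\booking\booking.wsf"'},
    {"pid": 300, "ppid": 200, "image": PS, "cmd": "powershell.exe (constructed)"},
    {"pid": 400, "ppid": 300, "cmd": "AddInProcess32.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"},
    {"pid": 500, "ppid": 100, "image": PS, "cmd": "powershell.exe"},  # benign shell
]

def name(ev):
    """Lower-cased executable name from a Windows image path."""
    return ntpath.basename(ev["image"]).lower()

def ancestors(ev, by_pid):
    """Parents of ev, nearest first; the seen set stops loops in bad data."""
    chain, seen = [], {ev["pid"]}
    parent = by_pid.get(ev["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        chain.append(parent)
        parent = by_pid.get(parent["ppid"])
    return chain

def find_chains(events):
    """Flag AddInProcess32.exe whose ancestry is script host (.wsf) -> PowerShell."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for ev in events:
        if name(ev) != TARGET:
            continue
        chain = ancestors(ev, by_pid)
        ps = next((i for i, a in enumerate(chain) if name(a) in POWERSHELL), None)
        if ps is None:
            continue
        host = next((a for a in chain[ps + 1:] if name(a) in SCRIPT_HOSTS
                     and ".wsf" in a["cmd"].lower()), None)
        if host:
            hits.append({"target_pid": ev["pid"], "powershell_pid": chain[ps]["pid"],
                         "script_host_pid": host["pid"], "script": host["cmd"]})
    return hits

if __name__ == "__main__":
    print(find_chains(EVENTS))
```

On real telemetry, key the lookup on a process GUID rather than the PID, since PIDs are reused over time.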
