
Corrupted headers conceal novel Windows RAT

A new Windows remote access trojan evaded identification and analysis for weeks by using corrupted Disk Operating System (DOS) and Portable Executable (PE) headers, the structures that would otherwise have given analysts more insight into the executable, according to The Hacker News.

Once executed, the malware decrypts its command-and-control domain information and communicates with the server in a new thread; it can also capture screenshots, enumerate and manipulate system services, and act as a server for incoming connections from its clients, a report from Fortinet FortiGuard Labs revealed. Further analysis showed that the malware uses a multi-threaded socket architecture, which lets several threat actors interact with the payload simultaneously and carry out more complex operations. "By operating in this mode, the malware effectively turns the compromised system into a remote-access platform, allowing the attacker to launch further attacks or perform various actions on behalf of the victim," said Fortinet researchers.
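The evasion described above works because static tools trust the DOS and PE headers. The following triage check is an added example, not code from the article or from Fortinet; it validates the three header fields a PE parser depends on (the `MZ` magic, the `e_lfanew` offset and the `PE\0\0` signature) and flags a buffer that fails any of them for manual review. The `build_minimal_pe` helper constructs sample images for testing; the fixed `e_lfanew` of 0x80 is an assumption made for the sample, not a value from the page.

```python
import struct

def check_pe_headers(data: bytes) -> dict:
    """Return sanity findings for the DOS/PE headers of an in-memory image."""
    f = {"mz_ok": False, "e_lfanew_ok": False, "pe_sig_ok": False, "issues": []}
    if len(data) < 64:
        f["issues"].append("buffer shorter than the 64-byte DOS header")
        return f
    if data[:2] == b"MZ":
        f["mz_ok"] = True
    else:
        f["issues"].append("DOS header magic is not 'MZ'")
    # e_lfanew lives at offset 0x3C and must point inside the buffer
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if 64 <= e_lfanew <= len(data) - 4:
        f["e_lfanew_ok"] = True
    else:
        f["issues"].append(f"e_lfanew 0x{e_lfanew:x} points outside the buffer")
        return f  # nothing further can be read safely
    if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        f["pe_sig_ok"] = True
    else:
        f["issues"].append("no 'PE\\0\\0' signature at e_lfanew")
    return f

def is_suspicious(data: bytes) -> bool:
    """True when any header field a static parser relies on is corrupted."""
    return bool(check_pe_headers(data)["issues"])

def build_minimal_pe(mz=b"MZ", e_lfanew=0x80, sig=b"PE\0\0") -> bytes:
    """Constructed sample: DOS stub padded to 0x80, then the NT signature."""
    dos = bytearray(0x80)
    dos[0:2] = mz
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + sig + b"\0" * 20  # 20 bytes stands in for a COFF header

if __name__ == "__main__":
    for name, img in [("intact", build_minimal_pe()),
                      ("no MZ", build_minimal_pe(mz=b"\0\0")),
                      ("bad e_lfanew", build_minimal_pe(e_lfanew=0xFFFFFFFF)),
                      ("no PE sig", build_minimal_pe(sig=b"\0\0\0\0"))]:
        print(name, "->", check_pe_headers(img)["issues"] or "headers intact")
```

A sample with headers corrupted this way will not load through the normal Windows loader, so the buffer you check is usually a memory dump of the running process rather than a file on disk.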
