Summary

Total Articles Found: 1

Top Articles:

  • From Fileless Techniques to Using Steganography: Examining Powload’s Evolution

From Fileless Techniques to Using Steganography: Examining Powload’s Evolution

Published: 2019-03-12 15:31:16

Popularity: 66

Author: Trend Micro

Keywords:

  • Malware
  • Spam
  • BEBLOH
  • Powload
  • steganography
  • URSNIF
  • LLM Says: "Malware evolution"

    In some of the recent Powload-related incidents we saw, we noticed significant changes to some of the attachments in the spam emails: the use of steganography and targeting of specific countries. Figure 2 shows the difference. For example, the samples we analyzed in early 2018 had more straightforward infection chains. These updates added another stage to the execution of malicious routines as a way to evade detection. The Powload variants that use these techniques drop and execute the Ursnif and Bebloh data stealers. We did not see any notable differences in the payloads’ routines. The distribution tactics also resemble a spam campaign we uncovered last year, which delivered the same information stealers but distributed via the Cutwail botnet.
