In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep understanding of their tactics and tools. Enter GUloader, a potent weapon in the arsenal of cybercriminals worldwide. This sophisticated malware loader has garnered attention for its stealthy techniques and ability to evade detection, posing a significant risk to organizations and individuals.

One of GUloader's distinguishing features is its use of evasion techniques, making it particularly challenging for traditional security measures to detect and mitigate. Through polymorphic code and encryption, GUloader can dynamically alter its structure, effectively masking its presence from antivirus software and intrusion detection systems. This adaptability enables GUloader to persistently infiltrate networks and establish footholds for further malicious activity.

McAfee Labs has observed a recent GUloader campaign being distributed through a malicious SVG file delivered via email.

The SVG (Scalable Vector Graphics) file format is a widely used vector image format for describing two-dimensional vector and mixed vector/raster graphics in XML. One of the key features of SVG files is their support for interactivity and animation, achieved through JavaScript and CSS.

Modern web browsers such as Google Chrome, Mozilla Firefox, and Microsoft Edge have built-in support for rendering SVG files. When you open an SVG file in Chrome or Firefox, the browser renders the vector graphics using its built-in SVG rendering engine. This engine interprets the XML-based SVG code and displays the image accordingly on the web page.

Browsers treat SVG files as standard web content and handle them seamlessly within their browsing environments. The execution process begins with the opening of an SVG file from an email attachment. This action triggers the browser to download a ZIP file. Within this ZIP file is a WSF (Windows Script File), acting as the conduit for the subsequent stage. Upon execution of the WSF, wscript calls the PowerShell command to establish a connection with a malicious domain and execute the hosted content. This content includes shellcode injected into the MSBuild application, facilitating further malicious actions.

Figure 2: Process Tree

Technical Analysis

A recipient receives a spam email that contains malware embedded in archived attachments. The attachment contains a malicious SVG file named "dhgle-Skljdf.svg". JavaScript smuggled inside the SVG image contained the entire malicious ZIP archive.
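As an added defender-side example (not code from the McAfee Labs post), the following Python script inspects an SVG for script elements, inline event-handler attributes, and any long base64 run that decodes to a ZIP archive, which is the smuggling pattern described above. The sample SVG it builds is constructed here; the archive member name `sample.wsf` and the 64-character base64 floor are placeholders chosen for the example.

```python
import base64
import io
import re
import xml.etree.ElementTree as ET
import zipfile

SVG_NS = "{http://www.w3.org/2000/svg}"
# A smuggled archive shows up as one long base64 run; 64 chars is an assumed floor.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


def scan_svg(svg_bytes: bytes) -> dict:
    """Report scripts, inline event handlers and any base64-encoded ZIP in an SVG."""
    root = ET.fromstring(svg_bytes)
    report = {"script_elements": 0, "event_handlers": [], "zip_members": []}
    for el in root.iter():
        if el.tag in ("script", SVG_NS + "script"):
            report["script_elements"] += 1
        # onload=/onclick= attributes execute JavaScript just like <script> does.
        report["event_handlers"] += [a for a in el.attrib if a.lower().startswith("on")]
    for run in B64_RUN.findall(svg_bytes.decode("utf-8", "replace")):
        try:
            blob = base64.b64decode(run, validate=True)
        except ValueError:
            continue  # not valid base64 after all (e.g. a long path or hash)
        # "PK\x03\x04" is the ZIP local-file-header magic; zipfile confirms the structure.
        if blob.startswith(b"PK\x03\x04") and zipfile.is_zipfile(io.BytesIO(blob)):
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                report["zip_members"] += zf.namelist()
    report["smuggled_archive"] = bool(report["zip_members"])
    return report


def build_sample_svg() -> bytes:
    """Constructed test input: a harmless text file, zipped and base64-embedded in <script>."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.wsf", "placeholder text, not a script\n" * 4)  # placeholder name
    b64 = base64.b64encode(buf.getvalue()).decode()
    return ('<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
            '<script><![CDATA[var archive = "' + b64 + '";]]></script></svg>').encode()


if __name__ == "__main__":
    print(scan_svg(build_sample_svg()))
```

A legitimate interactive SVG will also report script elements or handlers, so the `smuggled_archive` flag, not the mere presence of script, is the signal worth alerting on.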