July 10, 2024 at 03:23PM
ViperSoftX malware utilizes CLR to execute PowerShell within AutoIt scripts, enabling evasion of detection. It is distributed disguised as ebooks on torrent sites, using malicious RAR archives and decoy files. The malware employs various evasion techniques, including base64 obfuscation, AES encryption, and deceptive hostnames, aiming to steal system and cryptocurrency data. Trellix emphasizes the need for a robust defense strategy.
Based on the meeting notes, the key takeaways are as follows:
– The latest variants of the ViperSoftX malware use CLR to execute PowerShell commands within AutoIt scripts, allowing it to evade detection and blend into legitimate activities on the system.
– ViperSoftX leverages heavy Base64 obfuscation and AES encryption to hide PowerShell commands in image decoy files and has incorporated modified offensive scripts to increase its sophistication.
– The malware is distributed on torrent sites as ebooks that deliver malicious RAR archives containing a decoy PDF or ebook file, a shortcut (.LNK) file, and disguised PowerShell and AutoIT scripts.
– Once executed, the .LNK file loads the PowerShell script that hides within blank spaces commands automatically executed in the Command Prompt, leading to the installation of ViperSoftX on the system.
– To maintain persistence, the malware configures the Task Scheduler to run AutoIt3.exe every five minutes after the user logs in.
– ViperSoftX aims to steal system and hardware details, cryptocurrency wallet data from browser extensions, and clipboard contents from compromised systems.
– The malware uses deceptive hostnames for network communication and encodes system information in Base64 format to avoid detection.
– ViperSoftX has been described as a sophisticated and agile modern threat that requires a comprehensive defense strategy encompassing detection, prevention, and response capabilities to be thwarted.
These highlights provide a clear overview of the ViperSoftX malware, its distribution methods, attack flow, evasion tactics, and data theft objectives.