From VBS, PowerShell, C Sharp, Process Hollowing to RAT, (Thu, Mar 4th)

Read the original article: From VBS, PowerShell, C Sharp, Process Hollowing to RAT, (Thu, Mar 4th)

VBS files are interesting to deliver malicious content to a victim&#x26;#39;s computer because they look like simple text files. I found an interesting sample that behaves like a dropper. But it looks also like Russian dolls seeing all the techniques used to drop a RAT at the end. The file hash is 8697dc74d7c07583f24488926fc6e117975f8a9f014972073d19a5e62d248ead and has a VT score of 12/59[1]. It was delivered by email under the name “Procurement – Attached RFQ 202102.vbs”. If you filter attachments based on the MIME type, this file won&#x26;#39;t be detected as suspicious:

Become a supporter of IT Security News and help us remove the ads.