AutoIt – WindowsTechs.com

[SANS ISC] Diving into Malicious AutoIT Code

Posted on October 24, 2018 by Xavier

I published the following diary on isc.sans.edu: “Diving into Malicious AutoIT Code”: Following my yesterday diary, I had a deeper look at the malicious AutoIT script dropped in my sandbox. For those who are not aware of AutoIT, it is a BASIC-like scripting language designed for automating Windows tasks. If

[The post [SANS ISC] Diving into Malicious AutoIT Code has been first published on /dev/random]

Continue reading [SANS ISC] Diving into Malicious AutoIT Code→

[SANS ISC] Malicious Powershell using a Decoy Picture

Posted on October 23, 2018 by Xavier

I published the following diary on isc.sans.edu: “Malicious Powershell using a Decoy Picture“: I found another interesting piece of malicious Powershell while hunting. The file size is 1.3MB and most of the file is a PE file Base64 encoded. You can immediately detect it by checking the first characters of

[The post [SANS ISC] Malicious Powershell using a Decoy Picture has been first published on /dev/random]

Continue reading [SANS ISC] Malicious Powershell using a Decoy Picture→

[SANS ISC] Malicious DLL Loaded Through AutoIT

Posted on August 21, 2018 by Xavier

I published the following diary on isc.sans.org: “Malicious DLL Loaded Through AutoIT“: Here is an interesting sample that I found while hunting. It started with the following URL: hxxp://200[.]98[.]170[.]29/uiferuisdfj/W5UsPk.php?Q8T3=OQlLg3rUFVE740gn1T3LjoPCQKxAL1i6WoY34y2o73Ap3C80lvTr9FM5 The value of the parameter (‘OQlLg3rUFVE740gn1T3LjoPCQKxAL1i6WoY34y2o73Ap3C80lvTr9FM5’) is used as the key to decode the first stage. If you don’t specify it,

[The post [SANS ISC] Malicious DLL Loaded Through AutoIT has been first published on /dev/random]

Continue reading [SANS ISC] Malicious DLL Loaded Through AutoIT→

AutoIt Scripting Used By Overlay Malware to Bypass AV Detection

Posted on November 10, 2017 by Tom Spring

IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduces the likelihood of antivirus software detection. Continue reading AutoIt Scripting Used By Overlay Malware to Bypass AV Detection→

[SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file

Posted on August 25, 2017 by Xavier

I published the following diary on isc.sans.org: “Malicious AutoIT script delivered in a self-extracting RAR file“. Here is another sample that hit my curiosity. As usual, the infection vector was an email which delivered some HTML code in an attached file called “PO_5634_780.docx.html” (SHA1:d2158494e1b9e0bd85e56e431cbbbba465064f5a). It has a very low VT

[The post [SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file has been first published on /dev/random]

Continue reading [SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file→

[SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file

Posted on August 25, 2017 by Xavier

[The post [SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file has been first published on /dev/random]

Continue reading [SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file→

Dropping Elephant APT Targets Old Windows Flaws

Posted on July 8, 2016 by Tom Spring

Dropping Elephant, an advanced persistent threat group, is using old exploits to target unpatched version of Windows in highly effective cyber espionage campaign. Continue reading Dropping Elephant APT Targets Old Windows Flaws→