

Hackers and snakes, oh my! What do they have in common? Both are shady characters that can hide in plain sight, just waiting for the right moment to strike. But how do you know if you have any unwanted pests nearby? Often, you just need to go looking for them, and that’s exactly what we did.

Along the way, we found a very shady Python (and coincidentally, a friendly RAT) just waiting to strike. Join us on our journey as we show just how important it is to keep your yard, both the real one with green grass and the virtual one with bytes and binaries, clean and tidy. Otherwise, you never know what kind of shady creatures may be lurking in the shadows.

We recently investigated a suspicious link file persisting in a user’s startup folder. The file was named “sysmon.lnk” and looked a bit fishy. After some quick initial investigation, we found that the link was executing a malicious Python script that was used to inject a remote access Trojan (RAT) onto the system. Along the way, we encountered a total of six consecutive payloads and some new offensive tooling which we found pretty interesting.
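Going looking for shortcuts like the one above means reading what a .lnk file actually points at. The following is an added example, not code from the original post: a minimal parser for the MS-SHLLINK header and StringData sections that pulls the relative path and arguments out of a shortcut and flags ones that invoke a Python interpreter. The sample shortcut bytes are constructed in the block and are not the sysmon.lnk from the investigation.

```python
import struct

LNK_HEADER_SIZE = 0x4C
# LinkFlags bits (MS-SHLLINK 2.1.1); StringData sections appear in this order
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [("name", 0x04), ("relative_path", 0x08),
                ("working_dir", 0x10), ("arguments", 0x20),
                ("icon_location", 0x40)]

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link as a dict."""
    if len(data) < LNK_HEADER_SIZE or data[:4] != b"L\x00\x00\x00":
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]   # after HeaderSize + CLSID
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDList: 2-byte size, then body
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfo: size field includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for name, bit in STRING_FLAGS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # character count
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields

def is_suspicious(fields: dict) -> bool:
    """Flag a shortcut whose target or arguments run a Python interpreter."""
    text = " ".join(fields.get(k, "") for k in ("relative_path", "arguments"))
    return "python" in text.lower()

def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk carrying only RelativePath and Arguments."""
    header = bytearray(LNK_HEADER_SIZE)
    struct.pack_into("<I", header, 0, LNK_HEADER_SIZE)
    struct.pack_into("<I", header, 0x14, 0x08 | 0x20 | IS_UNICODE)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return bytes(header) + body

if __name__ == "__main__":
    # constructed sample: a startup-folder style shortcut launching pythonw.exe
    sample = build_sample_lnk("..\\Python39\\pythonw.exe", "-c \"import base64\"")
    print(parse_lnk(sample), is_suspicious(parse_lnk(sample)))
```

To triage a real startup folder, read each .lnk under the user's Startup directory and pass its bytes to parse_lnk.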
