Adobe Worm Faker Uses LOLbins And Dynamic Techniques To Deliver Customized Payloads

Discussion in 'malware problems & news' started by mood, Jun 21, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,159
    Adobe Worm Faker Uses LOLbins And Dynamic Techniques To Deliver Customized Payloads
    June 20, 2019
    https://www.cybereason.com/blog/ado...mic-techniques-to-deliver-customized-payloads
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,721
    Location:
    U.S.A.
    Of note, 41 VT vendors currently detect this. Windows Defender does not. No surprise there since it's LOL based. :rolleyes:
     
  3. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,147
    Except it does, 8/52:
    [Attached image: Capturar.PNG]
    What it isn't detecting is the fake launcher, but Windows Defender would have stopped the infection, so what is your point?

    Not to mention that the fake launcher is subject to "block at first sight" ...


    So nice job Windows Defender, I guess.


    Edit: I was wrong here. Windows Defender didn't detect the fake launcher, but it detected the malicious script, so it should have stopped the infection anyway.
     
    Last edited: Jun 21, 2019
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,721
    Location:
    U.S.A.
    The hash I checked from the Cybereason article is highlighted below:
     
  5. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,147
    I checked using the hashes from the article; like I said, the malicious script was stopped by WD, 8/52:

    C7371297FEA738DD2A334399CD1239B4ADB435F3

    Windows Defender + only 7 other security vendors detected the malicious script, the 41/52 detection is the launcher.
     