RATDispenser a JavaScript Based Loader

Source: HP - ThreatResearch | Information & Technology

HP Threat Research shared findings on an evasive JavaScript loader designated "RATDispenser." Its goal is to establish initial access and distribute additional malware. Several malware families have been observed being distributed: RemcosRAT, STRRAT, GuLoader, Ratty, AdWind, Panda Stealer, Formbook, and WSHRAT. STRRAT and WSHRAT account for the majority, with 81% of the samples analyzed. Given the variety of malware used, it is suggested that the dispenser is operated under a malware-as-a-service model. The infection chain, in summary: a malicious email contains a .js file; executing it triggers wscript and cmd to set up a VBScript, which downloads the malware payload and executes it.
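An added detection sketch (not from HP's report or from this page's author) that flags the process chain described above, a script host run on a .js file spawning cmd with a VBScript on its command line, over constructed process-creation events. The event schema (pid, ppid, image, cmdline), file names and paths are assumptions.

```python
import re

JS_ARG = re.compile(r"\.jse?\b", re.I)      # script host launched on a .js/.jse file
VBS_ARG = re.compile(r"\.vb[se]\b", re.I)   # command line references a .vbs/.vbe file
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample events; the schema and all paths/file names are assumptions.
EVENTS = [
    {"pid": 4200, "ppid": 4100, "image": "wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\user\Downloads\sample.js"'},
    {"pid": 4300, "ppid": 4200, "image": "cmd.exe",
     "cmdline": r'cmd.exe /c <redacted> C:\Users\user\AppData\Local\Temp\placeholder.vbs'},
    {"pid": 4400, "ppid": 4300, "image": "wscript.exe",
     "cmdline": r'wscript.exe C:\Users\user\AppData\Local\Temp\placeholder.vbs'},
    # Benign look-alikes that must not alert:
    {"pid": 5100, "ppid": 4100, "image": "wscript.exe",
     "cmdline": r'wscript.exe C:\Scripts\logon.vbs'},
    {"pid": 5200, "ppid": 5100, "image": "cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"pid": 5300, "ppid": 4100, "image": "cmd.exe",
     "cmdline": r'cmd.exe /c type C:\Scripts\logon.vbs'},
]

def is_host(event, arg_pattern):
    """True if the event is wscript/cscript invoked on a file matching arg_pattern."""
    return (event["image"].lower() in SCRIPT_HOSTS
            and arg_pattern.search(event["cmdline"]) is not None)

def find_chains(events):
    """Return (js_host_pid, cmd_pid, vbs_host_pid or None) for each matching chain."""
    by_pid = {e["pid"]: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    hits = []
    for e in events:
        if e["image"].lower() != "cmd.exe" or not VBS_ARG.search(e["cmdline"]):
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or not is_host(parent, JS_ARG):
            continue  # cmd touching a .vbs is only interesting under a .js script host
        # Optional third stage: cmd itself starts a script host on the VBScript.
        vbs = next((c["pid"] for c in children.get(e["pid"], [])
                    if is_host(c, VBS_ARG)), None)
        hits.append((parent["pid"], e["pid"], vbs))
    return hits

if __name__ == "__main__":
    print(find_chains(EVENTS))
```

On real telemetry, key the parent lookup on a unique process identifier (for example Sysmon's ProcessGuid) rather than the raw PID, since PIDs are reused.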

