• By Gurumoorthi
• xwormrat, python_obfuscation, memory_injection
• 7 Likes
• 0 Comments
• 4 Shares

Multi layers of evasion techniques drops various Remote Access Trojan

We recently came across a phishing campaign where a malicious author sent an email, in which the author attached an HTML file. The infection flow involves multiple levels of evasion techniques, especially as the author used Kramer obfuscation method used by the author, a python script obfuscator available on GitHub, was used by the author. This campaign pretends to be consumer asking for a service and was directed at staff.