Beware of COVID guidance manuals carrying the RAT malware

Watch out for a new malware campaign that is distributing files titled “Interim Guidance for CoViD19,” to lure recipients into installing the RAT malware.

Updated on

February 27, 2023

Published on

March 31, 2020

Read time

5

Subscribe to the latest industry news, technologies and resources.

The Carrier

File titled “Interim Guidance for CoViD19,” is being distributed as email attachments.
An auto-executable file is launched once the attachment is downloaded.

The Malware

On execution, it launches cmd and triggers 2 files:
- Timeout.exe
- Shost.exe
The RAT (Remote Administration Tool), which is named AsyncRAT (Written in C#), is embedded in “shost.exe,” and is auto-triggered.

Risk Involved

The malware gives hackers access to keystrokes, files, webcam, or to install other malware or ransomware.
The IP address ( C&C (Command & Control) server), has been used for malicious activities since Dec 2019.
The distributing site is marked as “safe” by Google Safe Browsing. So, it could evade screening and detection.

File details

Distributing Domain: artistdizayn.com
Link: hxxp://artistdizayn.com/wp-content/onedrive.live.com/onedrive.live.com/google.com.php
Country: Turkey
Hosting Provider: Netinternet Bilisim Teknolojileri AS

Table of Contents

This is also a heading
This is a heading

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.

Schedule a Demo

Real time Threat Intelligence Data

More information and context about Underground Chatter

On-Demand Research Services

Related Intelligence Posts

No items found.