New “GZipDe” Malware Drops Metasploit Backdoor

Mar 15, 2019
Posted by Cyber Security, GIS Consulting

“GZipDe” Malware

Researchers found the new “GZipDe” malware, which drops a Metasploit backdoor, earlier this week after a user from Afghanistan uploaded a booby-trapped Word document to VirusTotal.

The document, which was uploaded to VirusTotal by a user in Afghanistan, contains macro malware embedded in a Microsoft Word file. When opened, it runs a Visual Basic script that is stored as a hexadecimal stream, and that script launches a new task in a hidden PowerShell console.
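As an added triage example (not code from the original post or from the AlienVault report), the script below decodes hex-stream strings found in a macro's source and flags the behaviours described above: an auto-execute entry point plus a decoded stream that invokes PowerShell with a hidden window. The sample macro and the command it embeds are constructed placeholders, not the real document's content.

```python
import re

# Constructed sample, modelled on the page's description of the maldoc: the VBA
# keeps its script as one long hexadecimal string and decodes it at run time.
# The embedded command is a harmless placeholder, not the real GZipDe payload.
SAMPLE_CMD = "powershell -WindowStyle Hidden -Command Write-Host triage-test"
SAMPLE_MACRO = f'''
Sub AutoOpen()
    Dim h As String
    h = "{SAMPLE_CMD.encode().hex().upper()}"
    RunHex h
End Sub
'''

AUTO_EXEC = re.compile(r"\b(AutoOpen|Document_Open|Workbook_Open|Auto_Open)\b")
HEX_RUN = re.compile(r'"((?:[0-9A-Fa-f]{2}){20,})"')  # quoted, even-length, 40+ hex digits

# Defender-side indicators to look for inside a decoded stream.
INDICATORS = {
    "powershell": re.compile(r"powershell", re.I),
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "downloader": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|WebClient", re.I),
}


def decode_hex_stream(hex_text: str) -> str:
    """Turn a hex string into text; latin-1 never fails, so no byte is lost."""
    return bytes.fromhex(hex_text).decode("latin-1")


def triage_macro(vba_source: str) -> dict:
    """Report auto-exec entry points and every decoded hex stream together with
    the suspicious indicators it contains; 'suspicious' needs both."""
    streams = []
    for match in HEX_RUN.finditer(vba_source):
        decoded = decode_hex_stream(match.group(1))
        hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        streams.append({"hex_len": len(match.group(1)), "decoded": decoded, "indicators": hits})
    return {
        "auto_exec": sorted(set(AUTO_EXEC.findall(vba_source))),
        "streams": streams,
        "suspicious": bool(AUTO_EXEC.search(vba_source)) and any(s["indicators"] for s in streams),
    }


if __name__ == "__main__":
    print(triage_macro(SAMPLE_MACRO))
```

On a real sample, feed the script the macro source extracted with a tool such as olevba rather than the raw .doc bytes.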

Metasploit is a powerful exploitation framework that includes a wide range of payloads and is used by penetration testers to identify vulnerabilities. However, cyber criminals take advantage of its features and ultimately use it for various malicious purposes.

The sophisticated malware known as “GZipDe” is distributed through a weaponized malicious document and installs the Metasploit backdoor on targeted victims’ computers.

GZipDe allocates a new memory page with execute, read and write permissions, copies the contents of the decrypted payload into it, and launches a new thread to execute it.

A GZipDe infection is a multi-step process:

  • “It seems very focused,” Doman added. “Given the decoy document is in English and uploaded from Afghanistan, it could have been focused on someone in an embassy or comparable there.”
  • The document was just the first step in a multi-step infection process, which Doman detailed in a report posted yesterday.
  • According to Doman, “GZipDe” is coded in .NET and uses a custom encryption method to obfuscate system memory and evade antivirus detection.
  • “GZipDe” is a “downloader,” meaning its role is to fetch another, more powerful threat from a remote server.
  • However, during the researchers’ investigation the remote server was down, which would normally end the analysis.

GZipDe Malware Drops Metasploit Backdoor:

Analyzing the logged shellcode, the AlienVault team determined that it was a Metasploit module. Metasploit is a framework used by security researchers for penetration testing, and this particular module was developed to work as a backdoor. Using Metasploit instead of a custom malware strain is not a new tactic: in the past few years, criminals have slowly migrated from developing custom malware to using ready-made tools such as Metasploit or Cobalt Strike. The shellcode loads the entire DLL into memory; it is fileless malware that could allow attackers to deliver another payload in order to gain elevated privileges and perform lateral movement within the local network.
