New “GZipDe” Malware Drops Metasploit Backdoor

Date
Mar 15, 2019
Posted by
admin
Categories
Cyber Security
GIS Consulting 113

“GZipDe” Malware

Researchers found this New “GZipDe” Malware Drops Metasploit Backdoor in advance this week after a person from Afghanistan uploaded a boobytrapped word document on VirusTotal New “Gzipde” Malware Drops Metasploit Backdoor.

The New “GZipDe” Malware Drops Metasploit Backdoor document, which turned into uploaded to VirusTotal through a person in Afghanistan, contains macro malware embedded in a MS office word document. When opened, it executes a visual basic script saved as a hexadecimal stream, and executes a brand new undertaking in a hidden Powershell console:-

The New “GZipDE” Malware Drops Metasploit Backdoor is a effective exploitation framework that includes various payloads which is used for penetration reason to become aware of the vulnerabilities. However the cyber criminal taking benefit of its futures and in the long run the use of it for the various malicious purposes.

Sophisticated Malware referred to as New”GZipDe” Malware Drops Metasploit Backdoor disbursed through the Weaponized malicious record and set up the Metasploit backdoor in focused target victims laptop.

The New ” GZipDe” Malware Drops Metasploit Backdoor allocates a brand new reminiscence page with execute, study and write privileges. Then it copies the contents of the decrypted payload and launches a new thread to execute it.

A GZipDe infection is a multi-step process:-

  • “It seems very focused,” Doman introduced. “Given the decoy document is in English and uploaded from Afghanistan, it could were focused on someone in an embassy or comparable there.
  • Become just the first step in a multi-step infection process, which Doman special in a report posted the yesterday. 
  • Consistent with Doman, “GZipDe” Malware is coded in net, and makes use of a custom encryption approach to obfuscate system memory and evade of antivirus detection.
  • “GZipDe” Malware is a “downloader,” that means its role is to fetch any other stronger risk from a remote server.
  • However, throughout the researchers’ investigation, the remote server turned into over which commonly would quit the evaluation.

GZipDe Malware Drops Metasploit Backdoor:-

Analyzing the logged shellcode, the AlienVault group decided this turned into a Metasploit module. Metasploit is a framework utilized by security researchers for penetration test, and this precise module become evolved to work as a backdoor. The usage of Metasploit instead of a custom malware pressure isn’t always a new tactic. In the past few years, crooks were slowly migrating from developing custom malware to the usage of prepared-made tools, such as with Metasploit or Cobalt Strike. The shellcode loads the entire DLL into memory, it’s a fileless replica watches malware that could permit attackers to transmit another payload so that it will gather multiplied privileges and perform lateral actions within the local network.

Checkout our more services on Information and Cyber Security.

Previous Post
«
Next Post
»

RELATED POSTS

What is ISO 27001 implementation consulting?
What is ISO 22301? How it works
Why it is essential to secure an ERP’s financial data
Search
Categories
Recent Blogs
CORPORATE OFFICE
Level 2, Augusta Point, Parsvnath Exotica, Sector 53,Golf Course, Gurgaon-122002.
REGISTERED OFFICE
Plot No. 144, 3rd Floor, Pocket-11, Sector – 24, Rohini, Delhi
CANADA
205, West 18th Street, Hamilton,Ontario, Canada.
PIN : L9C468 Ph no. 1-902-989-4313
UNITED STATES
13731 Monarch Vista Dr Germantown MD 20874
MIDDLE EAST OFFICE
Suit #1401, Boulevard Plaza Tower 1, Downtown, Dubai
toll free
1800 212 676767
USA +1 (240) 720-2889
email us
info@gisconsulting.in
webbullindia.com
whatsapp