

Autohotkey offers two main perks over just ahk2exe: the help, which has just about everything you need to do simple and intermediate stuff, and the context menu on an ahk script to run/edit/compile it on the spot. The latter is where the registry entries come into play. However, I am sure that someone intent on making this portable could find what parameters are passed to ahk2exe when you right-click and compile (from Windows Explorer), and make a launcher for ahk2exe, so that it could be added to Convey (Send To menu utility).

That would mean that making, editing and compiling an ahk script would be incredibly easy. As for the help file, that can just be included with the launcher, which would launch the regular old ahk main executable when no parameters are passed to it. Sounds like a simple if statement (to open ahk or ahk2exe), parameter pass, and a registry catch.

Government agencies were in a state of shock when they realized that their systems had been compromised with the malicious TeamViewer software. The attacker who was responsible for this attack is a Russian-speaking man. TeamViewer is one of the most popular tools for remote desktop access, desktop sharing, file transfer between systems, web conferencing etc. The motive behind the attack is probably financial. The software was manipulated by adding a malicious TeamViewer DLL to the original software. This mala fide software can steal sensitive data and money from even government and financial networks.

A malicious email posing as sent from the U.S. Department of State was delivered to the inboxes of government employees and had 'Military Financing Program' as its subject line. The email had a malicious XLSM attachment with an embedded macro. Employees were duped by the malicious email since emails coming from the U.S. Department of State are generally marked as top secret. Once the victim opened the decoy document and enabled macros, two files were extracted from hex-encoded cells in the XLSM document. The first was the genuine AutoHotkeyU32.exe program. The other was the malicious AutoHotkeyU32.ahk, an AHK script used to communicate with the C&C server, download an additional script and execute it.
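The dropper chain described on this page (a macro in an XLSM attachment writing AutoHotkeyU32.exe and an .ahk script to disk and running them) leaves a recognisable trace in process-creation telemetry: an Office process as parent, an AutoHotkey interpreter as child, and the interpreter itself living in a user-writable directory rather than an install location. The detection logic below is an added example and not part of the original page or any vendor's product; the JSON event lines are constructed sample data in a Sysmon-like layout (ParentImage, Image, CommandLine) and are not real telemetry. The legitimate AutoHotkey run from Program Files is included to show that the rule does not fire on ordinary use.

```python
"""Flag AutoHotkey launches that match the Office-macro dropper pattern.

Constructed example: event lines are made up, field names mirror Sysmon's
process-creation event (ParentImage / Image / CommandLine) as JSON.
"""
import json
import ntpath
import re

# Constructed sample events (not real logs). Raw strings keep the JSON
# backslash escapes intact so json.loads yields single Windows separators.
SAMPLE_EVENTS = [
    # 1: Excel spawning an AutoHotkey interpreter dropped into %TEMP% -> dropper pattern
    r'{"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",'
    r' "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\AutoHotkeyU32.exe",'
    r' "CommandLine": "AutoHotkeyU32.exe AutoHotkeyU32.ahk"}',
    # 2: ordinary use: Explorer launching the installed interpreter -> benign
    r'{"ParentImage": "C:\\Windows\\explorer.exe",'
    r' "Image": "C:\\Program Files\\AutoHotkey\\AutoHotkeyU32.exe",'
    r' "CommandLine": "AutoHotkeyU32.exe C:\\Users\\alice\\scripts\\hotkeys.ahk"}',
    # 3: Excel spawning an unrelated helper -> not AutoHotkey, ignored
    r'{"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",'
    r' "Image": "C:\\Windows\\System32\\splwow64.exe",'
    r' "CommandLine": "C:\\Windows\\splwow64.exe 12288"}',
    # 4: interpreter run from Downloads with no Office parent -> weaker signal
    r'{"ParentImage": "C:\\Windows\\explorer.exe",'
    r' "Image": "C:\\Users\\bob\\Downloads\\AutoHotkeyU32.exe",'
    r' "CommandLine": "AutoHotkeyU32.exe payload.ahk"}',
]

# Office binaries whose child processes deserve scrutiny.
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Any AutoHotkey interpreter build (AutoHotkeyU32.exe, AutoHotkeyU64.exe, ...).
AHK_IMAGE = re.compile(r"^autohotkey.*\.exe$", re.I)
# Locations a macro can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents|temp)\\", re.I
)


def basename(path: str) -> str:
    """Case-folded file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()


def classify(event: dict) -> list:
    """Return the reasons an AutoHotkey launch looks like the dropper, or []."""
    image = basename(event["Image"])
    parent = basename(event["ParentImage"])
    cmdline = event["CommandLine"].lower()
    # Only AutoHotkey launches (by binary name or by .ahk argument) are of interest.
    if not (AHK_IMAGE.match(image) or ".ahk" in cmdline):
        return []
    reasons = []
    if parent in OFFICE_IMAGES:
        reasons.append("office_parent")  # macro handed execution to the interpreter
    if USER_WRITABLE.search(event["Image"]):
        reasons.append("user_writable_interpreter")  # binary was dropped, not installed
    return reasons


def scan(lines) -> list:
    """Parse JSON event lines and return (image_path, reasons) for each hit."""
    findings = []
    for line in lines:
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            findings.append((event["Image"], reasons))
    return findings


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(reasons)}")
```

Both conditions together (Office parent and interpreter under a user profile) are the strong signal; the Downloads case is reported on the weaker condition alone so an analyst can triage it, while the installed interpreter launched from Explorer produces no finding at all.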
