Single-use malware is getting old. Attackers have recently been advancing in both knowledge and tooling. The latest development in the malware space shows attackers dumping a whole package of malware onto systems. A new malware named “Hornet’s Nest” is already in the wild and has been deploying a bunch of malware to exploit every bit of the victim.
In what is known as bunch dumping, attackers develop a package of malware that can be dumped at once and cashed in on repeatedly. Malware such as Emotet can deliver TrickBot, which in turn brings the Ryuk ransomware along with it. This kind of collaborative malware, packed into one single dump and fed into the system, can earn the hackers more than anything.
Legion Loader As Father
Legion Loader, as described by Deep Instinct, is the initial pack that stores all of this malware. It is written in MS Visual C++ 8 and has several VM/sandbox features and research tools, but the code lacks obfuscation, which makes analyzing it very easy.
Studying the package revealed several pieces of malware, each with its own purpose. Legion Loader carries multiple data stealers, a file-less cryptocurrency stealer, a crypto-miner and some backdoors for future operations. While these seem uncommon, hackers are gradually moving to this strategy of bunch dumping with one key access.
Exploring The Bunch
Looking further, the data stealers are Vidar, Raccoon Stealer and Predator. These steal sensitive information from the victim’s computer and transfer it to the hackers’ database. Other malware includes crypto miners, which harvest the victim’s system resources to gain cryptocurrencies.
Further, there is a cryptocurrency stealer for procuring the victim’s virtual assets. A recent cryptocurrency stealer is capable of changing the destination address of a transaction so that the hacker’s wallet receives the funds instead of the actual receiver. After all these, the fraudster sets a backdoor for dealing with future malicious activities.
Source: Deep Instinct