The STAC5777 attack chain was more involved, with more hands-on-keyboard hacking and commands. During the first stage, the attacker used the browser to download two .dat files, which they then combined into an archive called pack.zip.
The archive contained several files, including a legitimate executable called OneDriveStandaloneUpdater.exe, two .dll files from the OpenSSL Toolkit project, an unknown winhttp.dll, and a file called settingsbackup.dat. The archive and files were unpacked in a folder called OneDriveUpdate under the Windows AppData directory.
Malware was capable of stealing system information and recording keystrokes
The winhttp.dll file was a backdoor that was automatically sideloaded by the legitimate OneDrive executable. The file was capable of gathering system information, including configuration details, the name of the current user, and recording keystrokes. The researchers also believe it was meant to decrypt settingsbackup.dat and execute it as a second-stage payload, but they did not manage to analyze this file.
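The sideloading step is what a detection team can key on: a signed, legitimate binary resolving a Windows library name (here winhttp.dll) from its own folder under AppData instead of from System32. The script below is an added example written for this article, not code from the researchers or from the malware; it evaluates Sysmon Event ID 7 (ImageLoad) style records with the Image, ImageLoaded and Signed fields against two rules: a system DLL name loaded from outside the system directories, and an unsigned DLL loaded from the same user-writable folder its host process runs from. The sample events, the user name alice, the OpenSSL library filename and the signature states are constructed for the example; only the OneDriveUpdate folder, OneDriveStandaloneUpdater.exe and winhttp.dll come from the article.

```python
import ntpath
from typing import Dict, List

# Windows library names that legitimate binaries resolve by name. If one of
# them loads from anywhere other than the system directories, the DLL search
# order has been hijacked. This seed list is constructed, not a full catalogue.
SYSTEM_DLL_NAMES = {"winhttp.dll"}

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\temp\\")


def _norm(path: str) -> str:
    """Normalise a Windows path for case-insensitive comparison."""
    return path.replace("/", "\\").lower()


def _in_system_dir(path: str) -> bool:
    return _norm(path).startswith(SYSTEM_DIRS)


def _user_writable(path: str) -> bool:
    p = _norm(path)
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def evaluate_event(event: Dict[str, str]) -> List[str]:
    """Return the names of the sideloading rules this image-load event trips."""
    process = event["Image"]
    dll = event["ImageLoaded"]
    dll_name = ntpath.basename(dll).lower()
    signed = event.get("Signed", "false").lower() == "true"
    hits: List[str] = []

    # Rule 1: a Windows system DLL name resolved outside System32/SysWOW64.
    if dll_name in SYSTEM_DLL_NAMES and not _in_system_dir(dll):
        hits.append("system_dll_loaded_outside_system_dir")

    # Rule 2: an unsigned DLL loaded from the same user-writable folder the
    # host process runs from (the unpacked-archive-in-AppData pattern).
    same_dir = _norm(ntpath.dirname(process)) == _norm(ntpath.dirname(dll))
    if same_dir and _user_writable(process) and not signed:
        hits.append("unsigned_dll_colocated_in_user_writable_dir")

    return hits


def detect_sideload(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run every event through the rules and keep only those that matched."""
    findings = []
    for ev in events:
        rules = evaluate_event(ev)
        if rules:
            findings.append({"Image": ev["Image"],
                             "ImageLoaded": ev["ImageLoaded"],
                             "rules": rules})
    return findings


# Constructed sample events in Sysmon Event ID 7 shape. Paths mirror the
# article's OneDriveUpdate folder; user name, OpenSSL filename and signature
# states are made up for the example.
SAMPLE_EVENTS = [
    {  # benign: a system process resolving winhttp.dll from System32
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Windows\System32\winhttp.dll",
        "Signed": "true",
    },
    {  # the sideload: the updater loads an unsigned winhttp.dll beside itself
        "Image": r"C:\Users\alice\AppData\Local\OneDriveUpdate\OneDriveStandaloneUpdater.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\OneDriveUpdate\winhttp.dll",
        "Signed": "false",
    },
    {  # one of the bundled OpenSSL libraries (filename constructed)
        "Image": r"C:\Users\alice\AppData\Local\OneDriveUpdate\OneDriveStandaloneUpdater.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\OneDriveUpdate\libcrypto-3-x64.dll",
        "Signed": "false",
    },
]

if __name__ == "__main__":
    for f in detect_sideload(SAMPLE_EVENTS):
        print(f"{f['Image']} -> {f['ImageLoaded']}: {', '.join(f['rules'])}")
```

Rule 1 is the high-confidence signal: a legitimate executable should never find winhttp.dll anywhere but the system directories, so a hit there needs no further tuning. Rule 2 is noisier on its own (portable applications ship unsigned DLLs in user folders) and is best treated as corroboration, or combined with a check that the host process is itself signed by a vendor such as Microsoft, which is what makes the sideloaded pair stand out.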