101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.

Server stats:

489
active users

#dbatloader

0 posts0 participants0 posts today
ANY.RUN<p>🚨 New <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> campaign uses <a href="https://infosec.exchange/tags/DBatLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DBatLoader</span></a> to drop <a href="https://infosec.exchange/tags/Remcos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Remcos</span></a> RAT.<br>The infection relies on <a href="https://infosec.exchange/tags/UAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UAC</span></a> bypass with mock directories, obfuscated .cmd scripts, Windows <a href="https://infosec.exchange/tags/LOLBAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LOLBAS</span></a> techniques, and advanced persistence techniques. At the time of analysis, the samples had not yet been submitted to <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VirusTotal</span></a> ⚠️</p><p>🔗 Execution chain:<br><a href="https://infosec.exchange/tags/Phish" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phish</span></a> ➡️ Archive ➡️ DBatLoader ➡️ CMD ➡️ SndVol.exe (Remcos injected) </p><p>👨‍💻 <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANYRUN</span></a> allows analysts to quickly uncover stealth techniques like LOLBAS abuse, injection, and UAC bypass, all within a single interactive analysis session. See analysis: <a href="https://app.any.run/tasks/c57ca499-51f5-4c50-a91f-70bc5a60b98d/?utm_source=mastodon&amp;utm_medium=post&amp;utm_campaign=dbatloader&amp;utm_term=150525&amp;utm_content=linktoservice" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.any.run/tasks/c57ca499-51f</span><span class="invisible">5-4c50-a91f-70bc5a60b98d/?utm_source=mastodon&amp;utm_medium=post&amp;utm_campaign=dbatloader&amp;utm_term=150525&amp;utm_content=linktoservice</span></a></p><p>🛠️ Key techniques:<br>🔹 <a href="https://infosec.exchange/tags/Obfuscated" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Obfuscated</span></a> with <a href="https://infosec.exchange/tags/BatCloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BatCloak</span></a> .cmd files are used to download and run <a href="https://infosec.exchange/tags/payload" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>payload</span></a>.<br>🔹 Remcos injects into trusted system processes (SndVol.exe, colorcpl.exe). <br>🔹 Scheduled tasks trigger a Cmwdnsyn.url file, which launches a .pif dropper to maintain persistence. <br>🔹 Esentutl.exe is abused via LOLBAS to copy cmd.exe into the alpha.pif file. <br>🔹 UAC bypass is achieved with fake directories like “C:\Windows “ (note the trailing space), exploiting how Windows handles folder names. </p><p>⚠️ This threat uses multiple layers of stealth and abuse of built-in Windows tools. Behavioral detection and attention to unusual file paths or another activity are crucial to catching it early. <a href="https://infosec.exchange/tags/ANYRUN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANYRUN</span></a> Sandbox provides the visibility needed to spot these techniques in real time 🚀</p>
SANS Internet Storm Center - SANS.edu - Go Sentinels!<p>ISC Diary: <span class="h-card"><a href="https://infosec.exchange/@malware_traffic" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>malware_traffic</span></a></span> reviews <a href="https://infosec.exchange/tags/Formbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Formbook</span></a> from possible <a href="https://infosec.exchange/tags/ModiLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ModiLoader</span></a> (<a href="https://infosec.exchange/tags/DBatLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DBatLoader</span></a>) <a href="https://i5c.us/d29958" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">i5c.us/d29958</span><span class="invisible"></span></a></p>