(MENAFN- EIN Presswire)
DUBAI, DUBAI, UNITED ARAB EMIRATES, December 2, 2024 /EINPresswire / -- The cybersecurity team at ANY has shared an in-depth look at PSLoramyra, an advanced fileless malware loader that uses PowerShell, VBS, and BAT scripts to break into systems, run malicious code directly in memory, and stay hidden. This in-depth analysis demonstrates the behavior of the loader step by step, showing how it evades traditional detection, bypasses security and maintains control.
An Overview of PSLoramyra's Fileless Attack Techniques
The analysis by ANY reveals how PSLoramyra, a sophisticated fileless malware loader, uses PowerShell, VBS, and BAT scripts to deliver and execute payloads like Quasar RAT directly in memory, bypassing traditional detection methods.
Key Findings from the PSLoramyra Analysis
The research breaks down its infection chain, showing how it creates scheduled tasks for persistence and uses obfuscation techniques to stay hidden, giving cybersecurity professionals a closer look at how to tackle this type of threat:
· Fileless operation: PSLoramyra operates entirely in memory, leveraging PowerShell to execute malicious payloads, leaving minimal traces on the disk and evading traditional detection methods.
· Multi-stage infection chain: The malware uses a combination of VBS, BAT, and PowerShell scripts, working together to deliver and execute payloads such as the Quasar RAT.
· Stealthy persistence: It ensures long-term access by creating a Task Scheduler task that runs every two minutes, executing its scripts without user awareness.
· Advanced obfuscation: Obfuscates payloads using hex-encoded strings and custom delimiters, making static analysis and detection more challenging for security tools.
· Key Indicators of Compromise (IOCs): Unique script names (roox, roox, roox1), command lines, and malicious domains provide valuable clues for identifying and mitigating the threat.
To dive deeper into the details of PSLoramyra's techniques, visit ANY's blog .
About ANY
ANY provides interactive malware analysis tools trusted by over 500,000 cybersecurity professionals worldwide. With powerful features for real-time behavioral analysis, ANY helps identify threats, reduce investigation time, and provide actionable insights for incident response.
The ANY team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
X
LinkedIn
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability
for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this
article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
MENAFN02122024003118003196ID1108946412
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.