
ANY.RUN Unveils Detailed Analysis of PSLoramyra: A Fileless Malware Loader

DUBAI, DUBAI, UNITED ARAB EMIRATES, December 2, 2024 /EINPresswire.com/ -- The cybersecurity team at ANY.RUN has shared an in-depth look at PSLoramyra, an advanced fileless malware loader that uses PowerShell, VBS, and BAT scripts to infiltrate systems, run malicious code directly in memory, and stay hidden. The analysis walks through the loader's behavior step by step, showing how it evades traditional detection, bypasses security controls, and maintains control of the compromised host.

An Overview of PSLoramyra's Fileless Attack Techniques

The analysis by ANY.RUN reveals how PSLoramyra, a sophisticated fileless malware loader, uses PowerShell, VBS, and BAT scripts to deliver and execute payloads like Quasar RAT directly in memory, bypassing traditional detection methods.

๐Š๐ž๐ฒ ๐…๐ข๐ง๐๐ข๐ง๐ ๐ฌ ๐Ÿ๐ซ๐จ๐ฆ ๐ญ๐ก๐ž ๐๐’๐‹๐จ๐ซ๐š๐ฆ๐ฒ๐ซ๐š ๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ

The research breaks down the loader's infection chain, showing how it creates scheduled tasks for persistence and uses obfuscation techniques to stay hidden, giving cybersecurity professionals a closer look at how to tackle this type of threat:

· Fileless operation: PSLoramyra operates entirely in memory, leveraging PowerShell to execute malicious payloads, leaving minimal traces on disk and evading traditional detection methods.

· Multi-stage infection chain: The malware uses a combination of VBS, BAT, and PowerShell scripts, working together to deliver and execute payloads such as the Quasar RAT.

· Stealthy persistence: It ensures long-term access by creating a Task Scheduler task that runs every two minutes, executing its scripts without user awareness.

· Advanced obfuscation: It obfuscates payloads using hex-encoded strings and custom delimiters, making static analysis and detection more challenging for security tools.

· Key Indicators of Compromise (IOCs): Unique script names (roox.vbs, roox.bat, roox.ps1), command lines, and malicious domains provide valuable clues for identifying and mitigating the threat.
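As an added example (not code from the ANY.RUN report or from PSLoramyra itself), the following Python sketches how a defender might turn the findings above into triage logic over process-creation and scheduled-task telemetry. The record layout, field names, the sample events and the delimited-hex heuristic are assumptions made for this example; only the script names and the two-minute task interval come from the page.

```python
"""Triage heuristics for the PSLoramyra behaviours summarised above.

Added example, not ANY.RUN code. Telemetry is modelled as plain dict records
(process creation and scheduled-task creation); the field names and the sample
records below are constructed for this example, not captured data.
"""
import re

# Script names reported as indicators in the ANY.RUN analysis.
IOC_SCRIPTS = {"roox.vbs", "roox.bat", "roox.ps1"}

# Repetition interval (seconds) reported for the persistence task.
PERSISTENCE_INTERVAL_SECONDS = 120

# Matches .vbs/.bat/.ps1 file names anywhere in a command line or task action.
SCRIPT_NAME = re.compile(r"([\w.-]+\.(?:vbs|bat|ps1))\b", re.I)

# Heuristic (assumption; the report does not give the exact format): eight or
# more hex byte pairs joined by one repeated non-alphanumeric delimiter.
HEX_BLOB = re.compile(
    r"[0-9a-f]{2}(?P<sep>[^0-9a-z\s])(?:[0-9a-f]{2}(?P=sep)){6,}[0-9a-f]{2}", re.I)

# Constructed sample telemetry modelling the chain described in the report.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\Public\roox.vbs"},
    {"type": "process", "pid": 101, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\Public\roox.bat"},
    {"type": "process", "pid": 102, "ppid": 101,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Users\Public\roox.ps1"},
    {"type": "process", "pid": 103, "ppid": 102,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command $h='4d#5a#90#00#03#00#00#00#04#00'"},
    {"type": "task_created", "task_name": r"\Updater", "interval_seconds": 120,
     "action": r"wscript.exe C:\Users\Public\roox.vbs"},
    {"type": "process", "pid": 200, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"type": "task_created", "task_name": r"\Microsoft\Windows\Backup",
     "interval_seconds": 86400, "action": "wbadmin.exe start backup"},
]


def script_names(text):
    """Lowercase base names of any .vbs/.bat/.ps1 files referenced in text."""
    return {m.group(1).lower() for m in SCRIPT_NAME.finditer(text)}


def find_ioc_hits(events):
    """(identifier, [matched names]) for records referencing a known IoC script."""
    hits = []
    for ev in events:
        text = ev.get("cmdline") or ev.get("action") or ""
        matched = script_names(text) & IOC_SCRIPTS
        if matched:
            hits.append((ev.get("pid", ev.get("task_name")), sorted(matched)))
    return hits


def find_script_chains(events):
    """(vbs_pid, bat_pid, ps_pid) for a wscript/cscript -> cmd -> powershell chain
    in which every stage launches a script file, regardless of the names used."""
    procs = {ev["pid"]: ev for ev in events if ev["type"] == "process"}
    chains = []
    for ev in procs.values():
        if not ev["image"].lower().endswith("powershell.exe"):
            continue
        parent = procs.get(ev["ppid"])
        grand = procs.get(parent["ppid"]) if parent else None
        if (parent and parent["image"].lower().endswith("cmd.exe")
                and grand and grand["image"].lower().endswith(("wscript.exe", "cscript.exe"))
                and all(script_names(p["cmdline"]) for p in (grand, parent, ev))):
            chains.append((grand["pid"], parent["pid"], ev["pid"]))
    return chains


def find_persistence_tasks(events, max_interval=PERSISTENCE_INTERVAL_SECONDS):
    """Scheduled tasks that repeat at most every max_interval seconds and launch a script."""
    return [ev["task_name"] for ev in events
            if ev["type"] == "task_created"
            and ev["interval_seconds"] <= max_interval
            and script_names(ev["action"])]


def find_hex_blobs(events):
    """PIDs of processes whose command line carries a delimited hex blob."""
    return [ev["pid"] for ev in events
            if ev["type"] == "process" and HEX_BLOB.search(ev["cmdline"])]


def triage(events):
    """Run every heuristic and return one summary dict suitable for an alert."""
    return {
        "ioc_hits": find_ioc_hits(events),
        "script_chains": find_script_chains(events),
        "persistence_tasks": find_persistence_tasks(events),
        "hex_blobs": find_hex_blobs(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The IoC name match is the cheapest check but also the most brittle, since a rebuilt sample can rename its scripts; the parent-chain and short-interval-task checks look at the behaviour the report describes and survive that, at the cost of needing tuning against legitimate logon scripts and monitoring tasks in your own environment.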

To dive deeper into the details of PSLoramyra's techniques, visit ANY.RUN's blog.

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐

ANY.RUN provides interactive malware analysis tools trusted by over 500,000 cybersecurity professionals worldwide. With powerful features for real-time behavioral analysis, ANY.RUN helps identify threats, reduce investigation time, and provide actionable insights for incident response.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050