Hackers Abuse Windows Error Reporting (WER) Service in Fileless Malware Attack

https://gbhackers.com/fileless-malware-attack/

Security researchers revealed a new attack called Kraken that injects its payload into the Windows Error Reporting service to evade detection.

WerFault.exe is the process that reports that an error occurred with the operating system, Windows features, or applications. Victims would assume some error happened, while attackers stealthily execute malware using the process.

Fileless Malware Attack

At the time of the report, the target URL was down, so Malwarebytes was not able to retrieve this shellcode for further analysis.

The binary is executed in Windows memory and injects embedded shellcode into the Windows process. Because the binary is executed in memory, it won't leave any traces on the hard disk.

Once it is opened by a victim, it executes the CactusTorch macro, which loads the .NET payload directly into the Windows device's memory.

Inside the malicious document file is a customized version of the CactusTorch (shellcode launcher) VBA module that leverages the DotNetToJscript technique to load a .NET compiled binary into memory and execute it from VBScript.

Security researchers from Malwarebytes observed a new attack with a zip file containing a malicious document dubbed “Compensation manual.doc”, which has an image tag that points to the website “yourrighttocompensation [] com”.

Researchers believe the attack is connected to APT32, but they do not have adequate evidence to attribute it.

Once it feels safe after the anti-analysis checks, it decrypts and loads the final payload in the maliciously created Windows Error Reporting service. The payload is hosted on the site asia-kotoba [

The new maliciously created Windows Error Reporting service will perform some anti-analysis checks, such as confirming that it is not running in an analysis/sandbox environment or under a debugger.
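The chain described above (a Word macro loading a .NET binary in memory, then a payload running inside WerFault.exe) leaves little on disk, so detection leans on process telemetry. The following triage sketch is an added example, not code from Malwarebytes or the original article; it uses Sysmon event IDs and field names over constructed sample events. The allowlist suffixes and the assumption that the injected WerFault.exe is started from the Office process are illustrative, not taken from the report.

```python
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
CLR_DLLS = {"clr.dll", "mscoree.dll", "clrjit.dll"}
# Assumption: destinations a site accepts as normal WER telemetry.
WER_ALLOWED_SUFFIXES = (".microsoft.com", ".windows.com")

def _name(path):
    """Lower-cased file name of a Windows path ('' for an empty path)."""
    return PureWindowsPath(path).name.lower()

def triage(events):
    """Return (rule, event) pairs for events matching the heuristics."""
    hits = []
    for ev in events:
        eid, image = ev.get("EventID"), _name(ev.get("Image", ""))
        # Sysmon 7 (image load): .NET runtime pulled into an Office process,
        # consistent with a macro running a .NET binary via DotNetToJscript.
        if eid == 7 and image in OFFICE and _name(ev.get("ImageLoaded", "")) in CLR_DLLS:
            hits.append(("office_loads_dotnet_runtime", ev))
        # Sysmon 1 (process create): WerFault.exe started by an Office app
        # (assumed relationship; the article does not state the parent).
        elif eid == 1 and image == "werfault.exe" and _name(ev.get("ParentImage", "")) in OFFICE:
            hits.append(("werfault_child_of_office", ev))
        # Sysmon 3 (network connect): WerFault.exe reaching a host outside
        # the allowlist; a missing hostname is also flagged for review.
        elif eid == 3 and image == "werfault.exe":
            host = ev.get("DestinationHostname", "").lower().rstrip(".")
            if not host.endswith(WER_ALLOWED_SUFFIXES):
                hits.append(("werfault_unexpected_network", ev))
    return hits

# Constructed sample events (not from the report).
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
WER = r"C:\Windows\SysWOW64\WerFault.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": WORD, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 7, "Image": WORD,
     "ImageLoaded": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll"},
    {"EventID": 1, "Image": WER, "ParentImage": WORD},
    {"EventID": 3, "Image": WER, "DestinationHostname": "payload-host.example"},
    {"EventID": 3, "Image": WER, "DestinationHostname": "watson.telemetry.microsoft.com"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WerFault.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_EVENTS):
        print(rule, ev["Image"])
```

Each rule is a triage heuristic rather than a verdict: legitimate Office add-ins can load the .NET runtime, so hits are most useful when correlated on the same host within a short time window.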
