Recently we received a SPAM with an attachment, which is a password-protected Word document. Its MD5 is 6619356e9e0c9d2445bf777a8bea5d6a, which is detected as “WM/Agent.60F9!tr” by the Fortinet AntiVirus service. When the document is opened, the attached malicious VB script code is executed and additional malware is created and executed.
Based on our analysis, this is information-stealing malware. In this blog, we’ll show you how the malware works, what information is stolen from a victim’s system, and how the stolen data is sent to attacker.
Fortinet Blog
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.