A new malware campaign dubbed ObliqueRAT uses malicious Microsoft Office documents to target government organizations in Southeast Asia through an email phishing campaign.
The files used in the campaign have names such as “Company-Terms.doc” and “DOT_JD_GM.doc”. When a user opens the file, it prompts for a password; once the file is opened, the events below begin.
The malicious script then creates a shortcut in the Startup directory so that it persists when the machine is rebooted.
The second stage of the payload is ObliqueRAT, which has various features and functions; the RAT communicates with the C&C server and then executes the commands it receives.
The malware checks whether a process named “Oblique” is already running on the infected machine; if it is, the RAT stops executing.
- Able to execute commands on the infected system
- Exfiltrate files from the computer
- An attacker can drop additional files
- Able to terminate any running process
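
The two host artifacts described above (a shortcut in the Startup directory and a running process named “Oblique”) can be checked during triage with a short PowerShell script. This is an added example, not part of the original report; the function names are hypothetical, and it assumes the process name appears to `Get-Process` exactly as “Oblique” and that the shortcut is a `.lnk` or `.url` file.

```powershell
# Added triage example (not from the original report).
# Lists every shortcut in the per-user and all-users Startup folders with its
# resolved target, and reports any running process named "Oblique".

function Get-StartupShortcut {
    # WScript.Shell resolves both .lnk and .url shortcuts to their target.
    $shell = New-Object -ComObject WScript.Shell
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

    foreach ($folder in $folders) {
        Get-ChildItem -LiteralPath $folder -File -Force |
            Where-Object { $_.Extension -in '.lnk', '.url' } |
            ForEach-Object {
                $sc = $shell.CreateShortcut($_.FullName)
                [pscustomobject]@{
                    Shortcut   = $_.FullName
                    Target     = $sc.TargetPath
                    Arguments  = $sc.Arguments      # empty for .url shortcuts
                    CreatedUtc = $_.CreationTimeUtc
                }
            }
    }
}

function Get-ObliqueProcess {
    # Assumption: the name matches what Get-Process reports (no extension).
    Get-Process -Name 'Oblique' -ErrorAction SilentlyContinue |
        Select-Object Id, ProcessName, Path, StartTime
}

$shortcuts = @(Get-StartupShortcut)
$procs     = @(Get-ObliqueProcess)

"Startup shortcuts found: $($shortcuts.Count)"
$shortcuts | Sort-Object CreatedUtc -Descending | Format-List

if ($procs.Count -gt 0) {
    "Process named 'Oblique' is running:"
    $procs | Format-List
} else {
    "No process named 'Oblique' is running."
}
```

Review any recently created shortcut whose target is a script or an executable in a user-writable location; `Path` and `StartTime` may be blank unless the script runs elevated.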