Oblique RAT

A new malware campaign, dubbed ObliqueRAT, uses malicious Microsoft Office documents to target government organizations in Southeast Asia through an email phishing campaign.

The files used in the campaign have names such as “Company-Terms.doc” and “DOT_JD_GM.doc”. When a user opens the file, it prompts for a password. Once the file is opened, the events below take place.

The malicious script then creates a shortcut in the Startup directory so that it persists when the machine is rebooted.

The second stage of the payload is ObliqueRAT, which has various features and functions. The RAT communicates with the C&C server and then executes the commands it receives.

The malware checks whether a process named “Oblique” is running on the infected machine. If the process is already running, the RAT stops its execution.
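
A host triage check for the two artifacts described above, the Startup-directory shortcut and the process named “Oblique”. This is an added example, not part of the original post. The function name `Get-StartupShortcut` and the `Review` heuristic are assumptions, because the post does not say what the shortcut points to.

```powershell
# Added triage example, not from the original post. Run elevated so that
# every user's Startup folder is readable.

# Heuristic (assumption): a Startup shortcut is worth a look when it launches
# a script host or a file that lives in a user-writable location.
$ReviewPattern = '\\(Users|ProgramData|Temp)\\|\b(wscript|cscript|mshta|powershell|cmd)(\.exe)?\b'

function Get-StartupShortcut {
    # Standard Startup locations: the all-users folder plus one per local profile.
    $folders = @(Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
    $folders += Get-CimInstance Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.LocalPath } |
        ForEach-Object {
            Join-Path $_.LocalPath 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
        }

    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in ($folders | Where-Object { Test-Path -LiteralPath $_ })) {
        Get-ChildItem -LiteralPath $folder -File -Force |
            Where-Object { $_.Extension -in '.lnk', '.url' } |
            ForEach-Object {
                # Resolve where the shortcut really points instead of trusting its name.
                $sc = $shell.CreateShortcut($_.FullName)
                $target = $sc.TargetPath
                $arguments = if ($_.Extension -eq '.lnk') { $sc.Arguments } else { '' }
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Created   = $_.CreationTime
                    Target    = $target
                    Arguments = $arguments
                    Review    = ("$target $arguments" -match $ReviewPattern)
                }
            }
    }
}

# Newest shortcuts first: persistence created by a recently opened document sorts to the top.
Get-StartupShortcut | Sort-Object Created -Descending | Format-List

# The post says the RAT looks for a running process named "Oblique".
$running = Get-Process -Name 'Oblique' -ErrorAction SilentlyContinue
if ($running) {
    $running | Select-Object Id, ProcessName, Path, StartTime | Format-List
} else {
    'No process named "Oblique" is running.'
}
```

A `Review` value of `True` only marks an entry for manual inspection; legitimate software also places shortcuts in these folders.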

Capabilities

  • Able to execute commands on the infected system
  • Exfiltrate files from the computer
  • An attacker can drop additional files
  • Able to terminate any running process
