Dubbed RATDispenser, the malware has been distributed in the wild through email messages carrying malicious file attachments.
The malware has been used to drop at least eight different RAT strains, such as STRRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader, and Ratty.
The variety in malware families, many of which can be purchased or downloaded freely from underground marketplaces, and the preference of malware operators to drop their payloads, suggest that the authors of RATDispenser may be operating under a malware-as-a-service business model.
Around 155 samples of this new malware were discovered, spanning three different versions. RATDispenser works as a dropper, a type of malware used to install other threats. Droppers are different from loaders (also known as downloaders), as they contain the final payload in their body and don’t communicate with a command and control server, meaning they are less versatile but slightly stealthier.
Indicators of Compromise