Consultants Warn of ‘Beep’ – A New Evasive Malware That Can Fly Underneath the Radar


Feb 15, 2023 · Ravie Lakshmanan · Threat Detection / Malware

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that’s designed to fly under the radar and drop additional payloads onto a compromised host.

“It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find,” Minerva Labs researcher Natalie Zargarov said.

“One such technique involved delaying execution through the use of the Beep API function, hence the malware’s name.”

Beep comprises three components, the first of which is a dropper that’s responsible for creating a new Windows Registry key and executing a Base64-encoded PowerShell script stored in it.

The PowerShell script, for its part, reaches out to a remote server to retrieve an injector, which, after confirming it’s not being debugged or launched in a virtual machine, extracts and launches the payload via a technique called process hollowing.
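The dropper stage described above stores a Base64-encoded PowerShell script in a registry value, which gives defenders a concrete thing to hunt for. The following is an added example, not code from Minerva Labs or from the article: it scans constructed registry-export lines (assumed format `Key : ValueName = Data`) for Base64 runs that decode to PowerShell-looking text, trying both UTF-8 and the UTF-16LE encoding that `powershell -EncodedCommand` consumes.

```python
import base64
import binascii
import re

# Heuristic markers of PowerShell source: verb-noun cmdlets, $env:, assignments, IEX.
PS_MARKERS = re.compile(
    r"(\b(?:Invoke|Start|Get|Set|New|Write|Add)-[A-Za-z]+\b|\$env:|\$[A-Za-z_]\w*\s*=|\bIEX\b)",
    re.IGNORECASE,
)
# Candidate Base64 blobs: long runs of the Base64 alphabet with optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_candidates(blob: str):
    """Yield (encoding, text) for plausible text decodings of a Base64 run."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return
    for enc in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        # Require mostly printable text so binary data (or NUL-padded UTF-16 read
        # as UTF-8) is not reported as a script.
        if text and sum(c.isprintable() or c.isspace() for c in text) / len(text) > 0.95:
            yield enc, text


def scan_registry_values(lines):
    """Return (key, value_name, encoding, decoded_script) for every registry
    value whose data contains a Base64 blob that decodes to PowerShell text."""
    findings = []
    for line in lines:
        key, sep, rest = line.partition(" : ")
        if not sep:
            continue
        name, _, data = rest.partition(" = ")
        for blob in B64_RUN.findall(data):
            for enc, text in decode_candidates(blob):
                if PS_MARKERS.search(text):
                    findings.append((key.strip(), name.strip(), enc, text))
                    break
    return findings


# Constructed sample: one benign value and one value carrying an encoded script
# (hypothetical key names and a placeholder file name, not indicators from the article).
_SCRIPT = 'Start-Sleep -Seconds 5; Start-Process -FilePath "$env:TEMP\\stage2.exe"'
SAMPLE_LINES = [
    r"HKCU\Software\Example\Settings : Theme = dark",
    r"HKCU\Software\Example\Run : Loader = "
    + base64.b64encode(_SCRIPT.encode("utf-16-le")).decode(),
]

if __name__ == "__main__":
    for key, name, enc, text in scan_registry_values(SAMPLE_LINES):
        print(f"{key}\\{name} [{enc}]: {text}")
```

On a live system the same logic can be fed the output of `reg export` or a Sysmon registry-value-set event stream instead of the constructed lines.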

The payload is an information stealer that’s equipped to collect and exfiltrate system information and enumerate running processes. Other instructions the malware is capable of accepting from a command-and-control (C2) server include the ability to execute DLL and EXE files.

Evasive Malware

A number of other features are yet to be implemented, suggesting that Beep is still in its early stages of development.

What sets the emerging malware apart is its heavy focus on stealth: it adopts a large number of detection evasion methods in an attempt to resist analysis, avoid sandboxes, and delay execution.

“Once this malware successfully penetrates a system, it can easily download and spread a wide range of additional malicious tools, including ransomware, making it extremely dangerous,” Zargarov noted.

The findings come as antivirus vendor Avast revealed details of another dropper strain codenamed NeedleDropper that has been used to distribute different malware families since October 2022.

Delivered via spam email attachments, Discord, or OneDrive URLs, the malware is suspected to be offered as a service for other criminal actors looking to distribute their own payloads.

“The malware tries to hide itself by dropping many unused, invalid files and stores important data between several MB of unimportant data, and also utilizes legitimate applications to perform its execution,” the company said.
