Autoit

Malware updated a month ago (2024-10-15T10:02:52.487Z)
AutoIt is a type of malware that infiltrates and damages computer systems after arriving through suspicious downloads, emails, or websites. It uses a multi-stage attack chain: an SFX archive unpacks an AutoIt script and executes "MicrosoftStores.exe", which in turn launches the MeshAgent tool. The AutoIt script then triggers a command file that downloads a Python infostealer. A notable feature of the AutoIt interpreter is its unusual way of reading the file specified in its launch argument. The infection continues with two DLL files that reuse the technique of the initial stage: each pairs a legitimate AutoIt interpreter with another A3X implant embedded in the signature of a legitimate dynamic library.

The components of this malware are written in a variety of languages, including C++, .NET, Python, VBS, and AutoIt itself; the scripts are deobfuscated to reveal their contents, as shown in the provided images. Alongside these operations, the AutoIt script opens the legitimate Google "Sign in" page in kiosk mode, with a parameter that makes the victim's browser ignore the F11 and ESC keys. Note, however, that the AutoIt script does not steal credentials itself; it works in combination with other malware, such as StealC, to extract the information. This multi-faceted approach makes AutoIt a potent threat to system security.
Description last updated: 2024-10-15T09:21:53.948Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
Malware
Loader
Payload
Windows
Python
Associated Malware
Alias: Darkgate
Description: The Darkgate Malware is associated with Autoit. DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicio
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Autoit Malware was read from the documents corpus below.