The Get2 downloader is malware recently used by the threat actor TA505 in its campaigns. It can reach systems through suspicious downloads, emails, or websites, and it has been delivered by new Microsoft Office macros. These macros are embedded in Microsoft Excel spreadsheets that lure users into opening the document and enabling macros, which then run the Get2 downloader. The malware's reboot functionality is speculated to support the continued execution of another malicious program after installation.
In October 2019, TA505 launched a wide range of attacks across various verticals and regions, using the Get2 downloader as part of its strategy. The downloader was used to deliver SDBbot, a new remote access Trojan (RAT) written in C++. The combination of Get2 and SDBbot was TA505's latest tactic for that period and fits the group's typical "follow the money" behavioral pattern.
Proofpoint researchers have published a detailed analysis of the Get2 downloader and SDBbot RAT, outlining the tactics, techniques, and procedures associated with these recent campaigns. Their analysis includes the Visual Basic macro code from the malicious Microsoft Excel spreadsheets that were used to deliver the Get2 downloader. The findings were published on October 16, 2019, highlighting the emerging threat landscape and the evolving strategies of threat actors like TA505.
Description last updated: 2024-04-19T19:28:49.492Z