Cyber Security

Threat Report: What is Avenger Malware and How Does it Work?

Avenger is a downloader that has been used by Bronze Butler since at least 2019. It targets the Windows operating system and can XOR-encrypt files before sending them to its command and control (C2) server, extract backdoor malware from downloaded images, and communicate with C2 over HTTP. Avenger can inject shellcode into svchost.exe, download files from C2 to a compromised host, and decrypt those downloaded files. For discovery, it can identify installed anti-virus products, use Tasklist to enumerate running processes, determine the host volume ID and OS architecture, and identify the domain of the compromised host.

Avenger Malware Capabilities:

Avenger may use various methods to evade detection, including encrypting or obfuscating files, using steganography, or communicating over application-layer protocols associated with web traffic. It may also inject code into processes, transfer files from an external system, or use obfuscated files or information to hide its tracks. Additionally, Avenger may attempt to discover the security software, configurations, and tools installed on a system in order to determine how best to proceed with an attack.

  • Avenger employs several methods to evade detection, including encrypting or encoding files, using steganography, and communicating via web traffic. These techniques make it difficult for defenders to discover and analyze the malware.
  • Avenger may use process injection and/or transfer tools or other files from an external system in order to evade detection and/or elevate privileges. Additionally, Avenger may use obfuscation techniques to hide artifacts of an intrusion from analysis.
  • The Avenger tool may be used by an adversary to gain information about security software, configurations, defensive tools, and sensors that are installed on a system, as well as to obtain information about running processes. This information may be used to determine whether or not to fully infect a target and/or to attempt specific actions.

Ways to Mitigate Avenger Malware Attack Capabilities

  • Avenger attacks can be mitigated by detecting file obfuscation or steganography and by analyzing network data for uncommon data flows. If the malicious activity that produced the obfuscated file is detected, it may be possible to prevent the attack.
  • Monitoring for file creation and for files transferred into the network, as well as detecting the act of deobfuscating or decoding files or information, also helps.
  • Avenger attacks can also be mitigated by keeping track of system and network activity data, which can help identify potential lateral movement by the adversary.
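As an added example (not part of the original report), the detection below correlates the system-activity data the mitigations above call for: a thread created in svchost.exe from a binary outside C:\Windows, a discovery tool such as tasklist.exe spawned by that svchost.exe, and plain-HTTP traffic from it afterwards. The events are constructed, simplified Sysmon-style JSON lines, and the field names, the C:\Windows path test and the discovery-tool list are assumptions for illustration.

```python
import json
import ntpath

# Constructed Sysmon-style events (JSON lines); not telemetry from any real
# Avenger sample. Event IDs follow Sysmon: 1 = process create,
# 3 = network connection, 8 = CreateRemoteThread.
SAMPLE_EVENTS = r"""
{"EventID": 8, "Host": "WS01", "SourceImage": "C:\\Users\\a\\AppData\\Local\\Temp\\update.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 1, "Host": "WS01", "Image": "C:\\Windows\\System32\\tasklist.exe", "ParentImage": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 3, "Host": "WS01", "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationPort": 80}
{"EventID": 8, "Host": "WS02", "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 1, "Host": "WS02", "Image": "C:\\Windows\\System32\\tasklist.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe"}
"""

WINDOWS_DIR = "c:\\windows\\"                       # assumed trusted location
DISCOVERY_TOOLS = {"tasklist.exe", "systeminfo.exe", "wmic.exe"}  # assumed list


def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def detect(event_lines):
    """Return (host, rule) findings; discovery/HTTP after injection is escalated."""
    findings = []
    injected_hosts = set()   # hosts where svchost.exe received a foreign thread
    for line in event_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        host = ev["Host"]
        if ev["EventID"] == 8 and base(ev["TargetImage"]) == "svchost.exe":
            # Thread injected into svchost.exe from a binary outside C:\Windows
            # (e.g. a dropper running from a user-writable Temp directory).
            if not ev["SourceImage"].lower().startswith(WINDOWS_DIR):
                injected_hosts.add(host)
                findings.append((host, "svchost_injection_from_user_path"))
        elif ev["EventID"] == 1 and base(ev["Image"]) in DISCOVERY_TOOLS:
            # svchost.exe is not a normal parent for tasklist.exe; after a
            # suspicious injection this matches the discovery step described.
            if base(ev["ParentImage"]) == "svchost.exe":
                rule = ("discovery_after_svchost_injection" if host in injected_hosts
                        else "discovery_spawned_by_svchost")
                findings.append((host, rule))
        elif ev["EventID"] == 3 and base(ev["Image"]) == "svchost.exe":
            # Plain HTTP from an injected svchost.exe matches the C2 channel.
            if ev.get("DestinationPort") == 80 and host in injected_hosts:
                findings.append((host, "http_beacon_from_injected_svchost"))
    return findings


if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(host, rule)
```

Host WS02 produces no findings because the thread source is itself under C:\Windows and tasklist.exe there has an ordinary cmd.exe parent.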

About Bronze Butler Threat Group

Bronze Butler is a cyber espionage group that has been active since at least 2008 and primarily targets Japanese organizations.

Reactionary Times News Desk