VBShower is a backdoor that Inception has been using since at least 2019. It is used as a downloader for second stage payloads, including PowerShower. VBShower affects Windows operating systems and can execute VBScript files. It also has the ability to download additional VBS files to the target computer. To maintain persistence, it uses HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\[a-f0-9A-F]{8}.
Table of Contents
VBShower Malware Capabilities
- VBShower may use application layer protocols to communicate with a remote system in order to avoid detection. They may also delete any files that could indicate their presence on a system. Finally, they may abuse Visual Basic for execution.
Ways to Mitigate VBShower Malware Attacks
- The article discusses various ways to detect and mitigate VBShower malware. Some of these include analyzing network data for unusual activity, monitoring for events associated with VB execution, and checking for known deletion and secure deletion tools that may be used by an adversary.
About Inception Threat Group
The Inception group is a cyber espionage group that has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the Middle East.
