The email's RAR attachment contains an EXE file: the first-stage malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Bangladesh is under attack by Bitter with new malware. According to Cisco Talos cybersecurity experts, the Trojan, dubbed ZxxZ, is spread via a themed lure document sent to high-ranking officers of the police's RAB.
Bangladesh has been under attack by Bitter since August 2021 with a new Trojan called “ZxxZ”, as reported by Cisco Talos cybersecurity experts. The cybercrime APT targets an elite unit of the Asian country’s government with a themed lure document purporting to relate to regular operational tasks in the victim’s organization. It arrives as a spear-phishing email sent to high-ranking officers of the Rapid Action Battalion Unit of the Bangladesh police (RAB). The emails contain either a malicious RTF document or a Microsoft Excel spreadsheet weaponized to exploit known vulnerabilities. Once the victim opens the maldoc, the Equation Editor application is automatically launched to run the embedded objects containing the shellcode; the exploit then downloads and runs the malware on the victim’s machine. The malware masquerades as a Windows Security update service and allows remote code execution, opening the door to further activity through the installation of additional tools.
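The chain described above (Office document opens, Equation Editor is launched, shellcode downloads and runs a payload) leaves a recognizable parent/child process pattern that a defender can hunt for. The following is an added example, not code from the article or from Cisco Talos: it runs two simple rules over constructed process-creation events in a simplified CSV form (timestamp, host, parent image, child image, command line). The only external fact it relies on is that the legacy Equation Editor binary is named eqnedt32.exe; the host names, file paths and timestamps are constructed, and the "WinSecUpdate.exe" payload name is a placeholder standing in for the masquerading service the article mentions, not a real indicator.

```python
"""Hunt for Equation Editor abuse in process-creation telemetry.

Added example (not from the article). Assumes events are available as CSV
with the columns: ts,host,parent_image,image,command_line.
"""
import csv
import io
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Office hosts that legitimately embed OLE objects.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Legacy Microsoft Equation Editor binary (known fact, not from the article).
EQUATION_EDITOR = "eqnedt32.exe"

# Constructed sample events: a lure RTF is opened, Equation Editor starts,
# then Equation Editor spawns a shell and a payload dropped under %TEMP%.
# File and host names are placeholders, not real indicators.
SAMPLE_EVENTS = r"""ts,host,parent_image,image,command_line
2021-09-01T08:01:10Z,ws01,C:\Windows\explorer.exe,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE,WINWORD.EXE C:\Users\analyst\Downloads\Duty_Roster.rtf
2021-09-01T08:01:12Z,ws01,C:\Program Files\Microsoft Office\Office16\WINWORD.EXE,C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE,EQNEDT32.EXE -Embedding
2021-09-01T08:01:13Z,ws01,C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE,C:\Windows\System32\cmd.exe,cmd.exe /c whoami
2021-09-01T08:01:15Z,ws01,C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE,C:\Users\analyst\AppData\Local\Temp\WinSecUpdate.exe,WinSecUpdate.exe
2021-09-01T08:05:00Z,ws02,C:\Windows\explorer.exe,C:\Program Files\Microsoft Office\Office16\EXCEL.EXE,EXCEL.EXE C:\Users\analyst\Documents\budget.xlsx
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, portable across host OSes."""
    return PureWindowsPath(path).name.lower()


def is_user_writable(path: str) -> bool:
    """Rough check for locations a dropped payload typically lands in."""
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p or "\\public\\" in p


def _finding(event: Dict[str, str], rule: str, severity: str) -> Dict[str, str]:
    return {
        "ts": event["ts"],
        "host": event["host"],
        "rule": rule,
        "severity": severity,
        "detail": f"{basename(event['parent_image'])} -> {basename(event['image'])}",
    }


def classify(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Apply the two hunting rules to a single process-creation event."""
    parent = basename(event["parent_image"])
    child = basename(event["image"])
    # Rule 1: Equation Editor has no business spawning anything. A child
    # living in a user-writable directory is the dropped-payload case.
    if parent == EQUATION_EDITOR:
        severity = "critical" if is_user_writable(event["image"]) else "high"
        return _finding(event, "equation_editor_spawns_child", severity)
    # Rule 2: an Office host starting Equation Editor is how the exploit
    # begins; on its own it is only a medium-confidence signal.
    if parent in OFFICE_APPS and child == EQUATION_EDITOR:
        return _finding(event, "office_spawns_equation_editor", "medium")
    return None


def analyze(csv_text: str) -> List[Dict[str, str]]:
    """Run the rules over CSV text and return the findings in event order."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for event in reader:
        hit = classify(event)
        if hit is not None:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['host']} [{f['severity']}] {f['rule']}: {f['detail']}")
```

The same two rules translate directly into an EDR or SIEM query on parent/child image names; the medium-severity rule on its own will fire on any legacy document that still contains an equation object, so in practice it is the Equation Editor-as-parent rule that should page an analyst.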