Avinash Kumar
Last known affiliation: Zscaler Inc.
Bio: Avinash Kumar works in Zscaler ThreatLabZ as a Manager, MalwareLabz (security researcher). He has worked in the threat research field for more than 14 years. He previously worked at Norman and Genpact as a senior malware analyst. His research areas cover a range of malware categories, including advanced malware botnets, and the analysis of the various campaigns observed on a daily basis. Avinash holds a Master's degree in computer applications from Punjab Technical University. Apart from malware research, he loves to play cricket and table tennis.
Nirmal Singh 🗣 | Avinash Kumar 🗣 | Niraj Shivtarkar
Abstract
In the last few years we have seen substantial growth in the Malware-as-a-Service (MaaS) market. This revenue model generates a high income stream for malware developers and also makes it easier for malicious actors with limited technical capabilities to carry out sophisticated attacks and earn multi-million-dollar sums by targeting large-scale enterprises and government entities. During the last few years, we have observed a MaaS group selling a sophisticated modular Remote Access Trojan with various features and pricing plans. The most distinctive feature of this RAT is a ransomware module, which encrypts files and demands a ransom payment in order to decrypt them. The presence of this feature in the RAT leads us to believe that the threat actors involved are attempting to increase their financial gain by using ransomware.
Muhammed Irfan V A 🗣 | Avinash Kumar 🗣 | Nirmal Singh
Abstract
The escalation of cyber threats in recent years has introduced malware with advanced capabilities. Among these, backdoor malware has evolved significantly and new families of backdoor malware have surfaced, showcasing capabilities that threaten organizations worldwide. This research paper provides an in-depth analysis of three campaigns delivering backdoor malware families using VenomLNK, a Malware-as-a-Service (MaaS) tool.
Our research delves deeply into the analysis of two newly discovered backdoor malware families, providing a comprehensive look at the attack chains they use and the ways in which they are delivered. We also investigate the motives and the threat group behind these malicious campaigns. To conduct this analysis, we collected a vast array of samples from these campaigns. By examining these samples and campaigns, we uncovered information regarding motive and victimology.
This research also covers the core features of these backdoor malware families, focusing on how they communicate over the network and the commands they support. These commands include executing shell commands, proxying traffic and many other intriguing operations. We also provide a detailed explanation of how each command works and its specific role within the malware.
