Researchers from Secureworks have examined ‘DarkTortilla,’ a .NET-based crypter used to distribute both widespread malware and targeted payloads.
DarkTortilla was designed to conceal harmful payloads from detection tools, and it has been observed delivering remote access Trojans (RATs) and information stealers – AgentTesla, AsyncRAT, NanoCore, and RedLine – as well as targeted payloads such as Cobalt Strike and Metasploit.
Highly flexible and complicated, the crypter may also be used to distribute add-ons (additional payloads, decoy documents, and executables). It appears to be very popular among threat actors: VirusTotal received an average of 93 samples per week between January 2021 and May 2022. The researchers have discovered instances of spam emails sent in English, German, Italian, Bulgarian, Romanian, and Spanish.