Mass distribution of stealers (Formbook, Snake Keylogger) and use of RelicRace/RelicSource malware!

Since July 2022, CERT-UA, the government computer emergency response team of Ukraine, has been recording mass mailings of e-mails with the subject "Final payment" and an attachment of the same name in the form of a TGZ archive. The archive contains an EXE file classified as the RelicRace .NET downloader, which is designed to download (mostly from OneDrive), decode and run the RelicSource malicious .NET program in memory.

ATT&CK IDs: T1056 - Input Capture, T1127 - Trusted Developer Utilities Proxy Execution, T1204.002 - Malicious File, T1566.001 - Spearphishing Attachment, T1192 - Spearphishing Link, T1007 - System Service Discovery
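A mail-triage check for the delivery pattern described above (subject "Final payment", a same-named TGZ attachment, an EXE inside), added here as an example and not CERT-UA's own tooling. The function names, the sample message and the example.com address are constructed for illustration.

```python
import io
import tarfile
from email import message_from_bytes, policy
from email.message import EmailMessage

LURE = "final payment"  # subject and attachment name reported on the page

def exe_members(blob):
    """Names of tar.gz members that look like Windows executables."""
    hits = []
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
            for m in (x for x in tar if x.isfile()):
                head = tar.extractfile(m).read(2)
                if head == b"MZ" or m.name.lower().endswith(".exe"):
                    hits.append(m.name)
    except (tarfile.TarError, OSError, EOFError):
        pass  # unreadable archive: return whatever was found before the error
    return hits

def triage(raw):
    """Flag TGZ attachments carrying an executable; note lure-name matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith((".tgz", ".tar.gz")):
            continue
        exes = exe_members(part.get_payload(decode=True) or b"")
        if exes:
            findings.append({"archive": name, "executables": exes,
                             "subject_match": LURE in subject,
                             "name_match": LURE in name.lower()})
    return findings

def build_sample(member="Final payment.exe", data=b"MZ" + b"\x00" * 62):
    """Constructed message with a harmless stub member, for offline testing."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(member)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    msg = EmailMessage()
    msg["Subject"], msg["To"] = "Final payment", "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="gzip", filename="Final payment.tgz")
    return msg.as_bytes()
```

Any TGZ attachment with an executable inside is reported; the `subject_match` and `name_match` fields tell the analyst whether the message also fits this campaign's lure.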
