AutoITMalware
Malware written in the AutoIT 3 scripting language and compiled to an .exe with a Delphi wrapper. Capabilities include FTP upload (FtpOpenFileW), process injection (VirtualAllocEx + WriteProcessMemory), user authentication (LogonUserW), and WoW64 bypass techniques.
Threat Profile
Type: Loader
Programming Language: AutoIT
C2 Protocol: custom
First Seen: 2023
Targets
Global
Purpose / Capabilities
- FTP Uploader/Injector
No C2 servers have been identified for this family yet.
Research Reports (1)
AutoITFTPInjector 4cc12d29 -- AutoIT3-compiled NoCmdExecute FtpOpenFileW FtpGetFileSize FTPSETPROXY VirtualAllocEx WriteProcessMemory CreateProcessAsUserW LogonUserW Wow64Disable AdjustTokenPrivileges | Medium
AutoITFTPInjector 4cc12d29: PE32, 985 KB, AutoIT3-compiled with a Delphi wrapper. FtpOpenFileW + FtpGetFileSize + FTPSETPROXY. VirtualAllocEx + WriteProcessMemory injection. CreateProcessAsUserW. LogonUserW. Wow64DisableWow64FsRedirection.