Sophisticated threat actors, like those behind the ViperSoftX malware from 2020, often make use of existing tools to save time and resources.
ViperSoftX uses AutoIt, the .NET Common Language Runtime (CLR), and pre-made hacking scripts. This lets its operators develop the malware faster and avoid detection, and it shows that even advanced cyberattacks don’t always need completely custom code.
Hackers use these shortcuts to break into networks and steal data, which is why it’s important to have strong defenses against the misuse of legitimate tools like AutoIt that can hide harmful activity.
Cybersecurity researchers at Trellix recently unpacked the ViperSoftX malware’s evasion tactics and techniques.
ViperSoftX Malware’s Evasion
AutoIt is a free automation tool for Windows. Malware authors, including those working with ViperSoftX, widely use it.
This is due to its robust features, such as simulating keystrokes and mouse movement and manipulating windows and controls.
They take advantage of AutoIt’s simple syntax, rich function library, and ability to compile scripts into .exe files to build advanced evasion and keep the malicious code small.
AutoIt is one of the tools ViperSoftX relies on because it allows the operators to mask their activities, such as hiding PowerShell code inside fake JPG files. Besides this, below are the three key reasons threat actors favor AutoIt:
- Evasion
- Ease of Use
- Accelerated Development
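The fake-JPG trick described above gives defenders a simple triage check: a file named `.jpg` that does not start with the JPEG header, or that contains PowerShell keywords, is not an image. The following script is an added example (not Trellix's or the article's code) that applies that check, plus a check for the `AU3!` marker commonly found in compiled AutoIt executables, to a few constructed sample files; the token list and sample contents are assumptions for illustration.

```python
# Triage helper: flag "image" files that are really PowerShell text and
# executables carrying a compiled AutoIt script. Samples below are constructed.
import re
import tempfile
from pathlib import Path

JPEG_MAGIC = b"\xff\xd8\xff"  # every real JPEG begins with these bytes
AU3_MARKER = b"AU3!"          # marker seen in compiled AutoIt3 scripts
# PowerShell-flavoured tokens that have no business inside an image file.
PS_TOKENS = [b"powershell", b"Invoke-Expression", b"FromBase64String",
             b"-EncodedCommand", b"DownloadString", b"Add-Type"]

def inspect_file(path: Path) -> dict:
    """Return {'file', 'suspicious', 'reasons'} for a single file."""
    data = path.read_bytes()
    reasons = []
    if path.suffix.lower() in (".jpg", ".jpeg") and not data.startswith(JPEG_MAGIC):
        reasons.append("jpg extension but no JPEG header")
    ps_hits = [t.decode() for t in PS_TOKENS
               if re.search(re.escape(t), data, re.IGNORECASE)]
    if ps_hits:
        reasons.append("PowerShell tokens: " + ", ".join(ps_hits))
    if path.suffix.lower() == ".exe" and AU3_MARKER in data:
        reasons.append("compiled AutoIt script marker present")
    return {"file": path.name, "suspicious": bool(reasons), "reasons": reasons}

def scan_directory(root: Path) -> list:
    return [inspect_file(p) for p in sorted(root.iterdir()) if p.is_file()]

def write_constructed_samples(root: Path) -> None:
    # Constructed test data, not real ViperSoftX artefacts.
    (root / "photo.jpg").write_bytes(JPEG_MAGIC + b"\xe0\x00\x10JFIF" + b"\x00" * 64)
    (root / "wallpaper.jpg").write_bytes(
        b"$p = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('QQ=='))\n"
        b"Invoke-Expression $p\n")
    (root / "updater.exe").write_bytes(b"MZ" + b"\x00" * 32 + AU3_MARKER + b"\x00" * 16)

def demo() -> dict:
    """Scan a temp directory of constructed samples; map file name -> flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_constructed_samples(root)
        return {r["file"]: r["suspicious"] for r in scan_directory(root)}

if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: {'SUSPICIOUS' if flagged else 'ok'}")
```

Point `scan_directory` at a user profile or temp folder to hunt for the same pattern on a live host; the header check is cheap and the token list is easy to extend.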
ViperSoftX illustrates a change in malware creators’ methods: a willingness to get around controls and speed up development when ideas or time are in short supply, the Trellix research reads.
By using ordinary executable tools like AutoIt and strategically integrating the CLR to hide PowerShell activity, threat actors modernize their tradecraft with evasion techniques that pose real risks to defenders.
To prevent this threat, Trellix deploys a comprehensive, integrated suite of complementary solutions within a multi-layered approach.
To deal with this type of advanced malware, cybersecurity teams should adopt a multi-layered defense approach that includes EDR and XDR platforms.
These platforms monitor endpoint activity, correlate alerts from multiple sources, map the TTPs used in an intrusion to the MITRE ATT&CK framework, and provide antivirus-style blocking alongside a sandbox environment for analyzing malware behavior.
Not only that, but these solutions also support rapid threat detection, investigation, and response to sophisticated attacks like ViperSoftX, which leverage legitimate tools for malicious purposes.