AstraLocker 2.0 infects users directly from Word attachments


AstraLocker 2.0 is a ransomware variant belonging to the Babuk family. Its second major version was recently released, and according to threat analysts, its operators are carrying out rapid attacks that drop the payload directly from email attachments.

Once unpacked, AstraLocker 2.0 employs several tactics to avoid detection and hamper recovery attempts.

From document to encryption

The lure used by AstraLocker 2.0 operators is a Microsoft Word document that hides an OLE object containing the ransomware payload. The embedded executable file uses the file name “WordDocumentDOC.exe”.

To execute the payload, the user must click “Run” in the warning dialog box that appears when the document is opened, further reducing the chances of success for the threat actors.
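A triage check for the lure described above, added here as an example and not taken from the original advisory: it flags embedded objects in a Word file that carry an executable file name or a PE image. It is a raw-byte heuristic rather than a full OLE parser, and the function names, extension list and sample archive are constructed for illustration.

```python
import io
import re
import struct
import zipfile

# Extensions that run directly when a user activates an embedded OLE object.
EXEC_EXT = rb"exe|scr|com|pif|bat|cmd|js|vbs|hta|lnk"
# Null-terminated ANSI file name or path ending in one of those extensions.
NAME_RE = re.compile(rb"([\x20-\x7e]{1,259}\.(?:" + EXEC_EXT + rb"))\x00", re.I)
DOS_STUB = b"This program cannot be run in DOS mode"


def scan_blob(part, blob):
    """Heuristic raw-byte scan of one embedded part; returns a list of findings."""
    names = sorted({re.split(r"[\\/]", m.group(1).decode("ascii"))[-1]
                    for m in NAME_RE.finditer(blob)})
    has_pe = b"MZ" in blob and DOS_STUB in blob
    return [{"part": part, "names": names, "pe_payload": has_pe}] if names or has_pe else []


def find_embedded_executables(doc_bytes):
    """Flag embedded OLE objects that carry an executable file name or a PE image."""
    findings = []
    if zipfile.is_zipfile(io.BytesIO(doc_bytes)):   # OOXML container (.docx/.docm)
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
            for info in z.infolist():
                if "/embeddings/" in info.filename:
                    findings += scan_blob(info.filename, z.read(info))
    else:                                           # legacy binary .doc: scan it whole
        findings += scan_blob("<document>", doc_bytes)
    return findings


def constructed_sample(embed_name=None):
    """Build a constructed, inert .docx-like archive; optionally embed a fake package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if embed_name:
            name = embed_name.encode("ascii")
            fake_pe = b"MZ" + b"\x00" * 62 + DOS_STUB   # header bytes only, not a program
            native = (b"\x02\x00" + name + b"\x00" + b"C:\\Temp\\" + name + b"\x00"
                      + struct.pack("<I", len(fake_pe)) + fake_pe)
            z.writestr("word/embeddings/oleObject1.bin", native)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_embedded_executables(constructed_sample("WordDocumentDOC.exe")))
```

A mail gateway or sandbox pre-filter can quarantine any attachment for which `find_embedded_executables` returns a non-empty list, before the user ever reaches the “Run” prompt.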

The AstraLocker 2.0 attack observed was unusual in several ways.

  • The attackers opted to push ransomware to victims at the earliest stage of the attack, once targets opened the malicious file attachment used as bait in the initial phishing attacks.

File Hashes

  • f1dd01a9e4b959e569250354d74e0423
  • 7d710e304c5d591febe8c0e1bf14615a
  • 4a4521ebdb840696964c15c3375975ff


July 1st, 2022 (2022-07-01T12:50:04+05:30) | Malware, Ransomware, Security Advisory, Security Update

About the Author:

FirstHackersNews- Identifies Security
