Search

NEW JSSLOADER TROJAN DELIVERED THROUGH XLL FILES

JSSLoader is a small, very capable .NET remote access trojan (RAT). Its capabilities include data exfiltration, persistence, auto-updating, additional payload delivery, and more.


Attackers are now using .XLL files to deliver a new, obfuscated version of JSSLoader.

The victim receives a malicious attachment, either an XLM or XLL file, inside an email. Once the attachment is downloaded and executed, Excel loads and executes the malicious code inside the .xll file, which then downloads the payload from a remote server. The payload is a new, similar variant of JSSLoader.


The first stage of the malware responsible for downloading JSSLoader into an infected machine uses an Excel add-in file, denoted by an XLL file extension.



Read More

1 view0 comments

Recent Posts

See All

During Vidar infections, the initial malware retrieves legitimate DLL files hosted on the same C2 server used for data exfiltration. These files are not malicious, but they are used by the Vidar malw

Submit Your Enquiry Here
arrow&v

Thanks! We will get in touch with you shortly.

Other Enquiries
Chat

Please use the chat service below to chat with one of our representatives.

© Cyberarms.