Hackers Abusing Microsoft Azure to Deploy Malware and C2 Servers

Microsoft Azure has become a sweet spot for hackers, who use it both to host powerful malware and to operate the command and control servers for those malicious files.

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

This malicious operation was initially uncovered and reported by @JayTHL and @malwrhunterteam on Twitter, where they provided evidence that malware was being hosted in Microsoft Azure.

The researchers had already reported this malicious operation to Microsoft; however, the original malware (plus additional samples uploaded since) still resided on the Azure site as of May , 2019, 17 days later, AppRiver reported.

This is evidence that Azure failed to detect the malware residing on Microsoft's own servers, although Windows Defender does detect the malicious files when users attempt to download them from the malware-hosting server.

Windows Defender detects this malware as Trojan:Win32/Occamy.C. The first new sample (searchfile.exe) was initially uploaded to VirusTotal on April , 2019, and another sample (printer/prenter.exe) was first submitted on April 30, yet both remain undetected on Azure servers.

According to AppRiver, however, it does not appear that the service is currently scanning Azure sites; otherwise, one could surmise, these files would have been detected by now.

Based on the analysis of the printer.exe file, the attackers shipped this malware as an uncompiled C# .NET portable executable.


Attackers use an uncompiled file in an attempt to evade gateway and endpoint defenses that thoroughly examine downloaded binaries.

"Once running, this malicious agent generates XML SOAP requests every 2 minutes to check-in and receive commands from the malicious actor's Azure command and control site at: systemservicex[.]azurewebsites[.]net/data[.]asmx"
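A detection angle on the check-in behaviour described above, as an added example that is not from the article or AppRiver's analysis: it scans constructed web-proxy log lines for clients that POST to an Azure App Service SOAP endpoint (*.azurewebsites.net/*.asmx) at a steady interval, which is what a 2-minute check-in loop looks like from the network. The log format, hostnames and thresholds are assumptions.

```python
# Added example (not the article's code): flag steady-interval check-ins to
# Azure App Service .asmx endpoints in proxy logs. Hostnames are constructed.
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO timestamp> <client_ip> <method> <url>"
SAMPLE_LOG = """\
2019-05-01T10:00:00 10.0.0.5 POST https://svc-example.azurewebsites.net/data.asmx
2019-05-01T10:00:17 10.0.0.5 GET https://www.example.com/index.html
2019-05-01T10:02:01 10.0.0.5 POST https://svc-example.azurewebsites.net/data.asmx
2019-05-01T10:04:00 10.0.0.5 POST https://svc-example.azurewebsites.net/data.asmx
2019-05-01T10:05:59 10.0.0.5 POST https://svc-example.azurewebsites.net/data.asmx
2019-05-01T10:08:00 10.0.0.5 POST https://svc-example.azurewebsites.net/data.asmx
2019-05-01T10:00:05 10.0.0.9 POST https://other-example.azurewebsites.net/api.asmx
2019-05-01T10:31:00 10.0.0.9 POST https://other-example.azurewebsites.net/api.asmx
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
SOAP_RE = re.compile(r"^https?://[^/]+\.azurewebsites\.net/.*\.asmx(\?.*)?$", re.I)

def parse(log):
    """Yield (timestamp, client, url) for requests to an App Service .asmx endpoint."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, _method, url = m.groups()
        if SOAP_RE.match(url):
            yield datetime.fromisoformat(ts), client, url

def find_beacons(log, min_hits=4, max_jitter=0.1):
    """Return {(client, url): mean_interval_seconds} for steady check-in traffic.
    Steady means the gap std dev is within max_jitter of the mean gap."""
    hits = defaultdict(list)
    for ts, client, url in parse(log):
        hits[(client, url)].append(ts)
    beacons = {}
    for key, times in hits.items():
        if len(times) < min_hits:  # too few requests to judge regularity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons
```

On the constructed log, only 10.0.0.5 is flagged (about 120 s apart); the second client has too few requests to judge, which is the point of the min_hits threshold.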

This is not the first time malware has abused Azure: we previously reported that attackers abused Microsoft Azure Blob hosting in an attempt to steal login credentials.
