New dotRunpeX Malware Spreads via Malicious Ads

According to Check Point’s study, “each dotRunpeX sample has an embedded payload of a certain malware family to be injected,” and the injector carries a list of anti-malware processes to be terminated. It achieves this by abusing a vulnerable Process Explorer driver (procexp.sys) bundled with dotRunpeX to gain kernel-mode execution. The malware may be linked to Russian-speaking threat actors, a conclusion drawn from language references in the code. The emerging threat primarily distributes the Raccoon, RedLine, Vidar, Agent Tesla, and FormBook malware families.
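The driver-abuse sequence above (vulnerable Process Explorer driver loaded, then security processes killed) is something an endpoint team can hunt for. The following is an added detection sketch, not code from the article or from Check Point; the event format, the list of security process names, the `procexp152.sys` file name and the expected driver directory are assumptions to adapt to your own telemetry.

```python
"""Correlate a Process Explorer driver load with nearby terminations of
security processes. Events are simplified dicts constructed for this example
(not a real EDR or Sysmon schema); map your own fields onto them."""
from datetime import datetime, timedelta

# Security-product process names to watch (assumption: extend for your estate).
SECURITY_PROCESSES = {"msmpeng.exe", "mbamservice.exe", "avp.exe"}
# File names the Process Explorer driver is known by; procexp152.sys is the
# name newer Process Explorer builds drop (treated as an assumption here).
PROCEXP_DRIVERS = {"procexp.sys", "procexp152.sys"}
# Directory where a legitimately installed copy of the driver is expected.
EXPECTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_driver_abuse(events, window_seconds=60):
    """Return findings: driver path, severity, and which security processes
    were terminated within window_seconds after the driver load."""
    events = sorted(events, key=lambda e: e["ts"])
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] != "driver_load" or basename(ev["image"]) not in PROCEXP_DRIVERS:
            continue
        deadline = datetime.fromisoformat(ev["ts"]) + timedelta(seconds=window_seconds)
        killed = sorted({basename(e["image"]) for e in events[i + 1:]
                         if e["type"] == "process_terminated"
                         and datetime.fromisoformat(e["ts"]) <= deadline
                         and basename(e["image"]) in SECURITY_PROCESSES})
        if not killed:
            continue  # a lone driver load is ordinary Sysinternals use
        unusual = not ev["image"].lower().startswith(EXPECTED_DRIVER_DIR)
        findings.append({"driver": ev["image"], "killed": killed,
                         "severity": "high" if unusual else "medium"})
    return findings


# Constructed sample: one abuse sequence, then a benign-looking load whose
# nearest security-process termination is far outside the window.
SAMPLE_EVENTS = [
    {"ts": "2023-03-20T10:00:00", "type": "driver_load", "image": "C:\\Users\\Public\\procexp.sys"},
    {"ts": "2023-03-20T10:00:04", "type": "process_terminated", "image": "C:\\Program Files\\Windows Defender\\MsMpEng.exe"},
    {"ts": "2023-03-20T10:00:06", "type": "process_terminated", "image": "C:\\Windows\\System32\\notepad.exe"},
    {"ts": "2023-03-20T10:00:09", "type": "process_terminated", "image": "C:\\Program Files\\Malwarebytes\\MBAMService.exe"},
    {"ts": "2023-03-20T12:00:00", "type": "driver_load", "image": "C:\\Windows\\System32\\Drivers\\PROCEXP152.SYS"},
    {"ts": "2023-03-20T12:30:00", "type": "process_terminated", "image": "C:\\Program Files\\Windows Defender\\MsMpEng.exe"},
]

if __name__ == "__main__":
    for finding in find_driver_abuse(SAMPLE_EVENTS):
        print(finding)
```

The path check only adjusts severity: an attacker can drop the driver anywhere, so the termination of security processes shortly after the load is the signal that matters.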

https://thehackernews.com/2023/03/new-dotrunpex-malware-delivers-multiple.html