The U.S. Department of Defense’s Cyber National Mission Force (CNMF) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) last week published a malware analysis report for what they described as a new malware variant named SLOTHFULMEDIA.
SLOTHFULMEDIA is described as a dropper that deploys two files when executed, including a RAT designed to allow hackers to control compromised devices, and a component that removes the dropper once the RAT achieves persistence on the targeted computer.
The RAT is capable of running arbitrary commands, terminating processes, taking screenshots, modifying the registry, and making changes to files.
The U.S. government’s malware analysis report includes technical details about how the malware works, indicators of compromise (IoC) and recommendations for securing systems against such threats.
“Users or administrators should flag activity associated with the malware and report the activity to the CISA or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation,” the agencies said.
It’s not uncommon for these types of malware analysis reports made public by U.S. agencies to include information about the threat actor believed to be behind the attacks, including if it’s a nation-state actor. However, the report on SLOTHFULMEDIA doesn’t provide any information on the possible origin of the attackers.
CISA and CNMF say the malware has been used in attacks launched by a sophisticated threat actor against entities in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia, and Ukraine.
