Now, let's look at some details of this malware attack.

Use of the Windows Management Instrumentation Command-line (WMIC) tool has increased rapidly.

When Microsoft noticed the recent campaigns, it carried out a detailed analysis of these events.

Windows Defender ATP Improves Threat Protection Ability

The attacks start with a spear-phishing email that contains a link to a malicious .LNK shortcut file.

WMIC downloads an SLC file that hosts obfuscated JavaScript, which runs WMIC again.

In the end, Astaroth is downloaded to a system.
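
One way to hunt for the chain described above in process-creation logs, as an added example that is not from the original article or from Microsoft: it flags wmic.exe launches whose command line carries a remote URL, and wmic.exe processes that descend from another wmic.exe. The event fields, the sample records and the example.invalid URLs are constructed for illustration, and PID reuse is ignored.

```python
import re
from pathlib import PureWindowsPath

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation records (not taken from the article).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic.exe [arguments elided] https://example.invalid/stage1.slc"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c [elided]"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic.exe [arguments elided] https://example.invalid/stage2.slc"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic.exe os get caption"},  # ordinary local admin query
]

def is_wmic(event):
    """True when the process image is wmic.exe, whatever its directory or case."""
    return PureWindowsPath(event["image"]).name.lower() == "wmic.exe"

def find_suspicious_wmic(events):
    """Return (pid, reasons) for each wmic.exe launch that matches a rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not is_wmic(e):
            continue
        reasons = []
        if URL_RE.search(e["cmd"]):
            reasons.append("remote URL on command line")
        # Walk the parent chain; 'seen' guards against loops in bad data.
        seen, parent = set(), by_pid.get(e["ppid"])
        while parent and parent["pid"] not in seen:
            if is_wmic(parent):
                reasons.append("descends from another wmic.exe")
                break
            seen.add(parent["pid"])
            parent = by_pid.get(parent["ppid"])
        if reasons:
            findings.append((e["pid"], reasons))
    return findings

if __name__ == "__main__":
    for pid, reasons in find_suspicious_wmic(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```
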

Recently, it was also detected in May and June this year by the Microsoft Defender ATP Research Team.

According to experts, at no point during the attack chain is any file run that is not a system tool.

It has become popular with malware attackers in the last three years and is now widely used.

Of course, keeping the Windows operating system up to date is necessary.