AutoITMalware

Malware written in the AutoIT 3 scripting language and compiled as an .exe with a Delphi wrapper. Capabilities include FTP upload (FtpOpenFileW), process injection (VirtualAllocEx + WriteProcessMemory), user authentication (LogonUserW), and WoW64 file-system redirection bypass techniques.

Threat Profile
Type: Loader
Programming Language: AutoIT
C2 Protocol: custom
First Seen: 2023
Targets: Global
Purpose / Capabilities:
  • FTP Uploader/Injector
No C2 servers have been identified for this family yet.

Research Reports (1)

Severity: Medium

AutoITFTPInjector 4cc12d29 -- AutoIT3-compiled NoCmdExecute FtpOpenFileW FtpGetFileSize FTPSETPROXY VirtualAllocEx WriteProcessMemory CreateProcessAsUserW LogonUserW Wow64Disable AdjustTokenPrivileges | Medium

AutoITFTPInjector 4cc12d29: PE32, 985 KB, AutoIT3-compiled with a Delphi wrapper. FTP functionality via FtpOpenFileW, FtpGetFileSize and FTPSETPROXY. Process injection via VirtualAllocEx + WriteProcessMemory. Also uses CreateProcessAsUserW, LogonUserW and Wow64DisableWow64FsRedirection.
