Banload and stealer

Some unusual malware, possibly Banload together with a stealer. Details were uploaded to our submissions system.

Infection chain:

- Starts with an email link that downloads a zip.
- The zip contains the genuine Google updater and a .bat file; the .bat file downloads a PowerShell script.
- A second zip is then fetched; it contains genuine AutoIt files and a malicious file.
- The machine is then shut down.
- On reboot another PowerShell script is dropped, which appears to be the stealer.
- The stolen data is sent to an external server.

Main object:

  sha256  967ebdb78f55bd6640e5e4dc94f640758764851f1429c017d586da93ed536bf2
  sha1    3b47fde59daa506967a609ed8e434ef92a327c37
  md5     2cb79ca3702b9e08e2012d511b7ee2e1

Dropped executable files:

  C:\Users\Public\Java_jkwbzg3_\exe.png
  sha256  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

  C:\Users\Public\Java_jkwbzg3_\libeay32.dll
  sha256  963b313eb11d5ea78d9d5f4e03df9265e472db892a4b406ee73f0216fd4d6f38

  sha256 …