Hackers Hosting Malware On Google Sites To Store And Share Data With Remote Servers Cybers Guards

Since the malware is served by a trusted vendor, the attack's delivery rate would be very high. Google Sites allows anyone to create simple websites that support collaboration between different editors. You can create a site to "store" text files, images, PDFs, presentations or any other digital files with the file cabinet template. Other Google services such as Gmail block malicious uploads, but the Google file cabinet template does not block malicious files or prevent them from being uploaded. Threat actors abuse the Google file cabinet template, using it together with SQL as an exfiltration medium to send the stolen data to the remote server.

In this case, researchers detected this banking trojan as Win32.LoadPCBanker.

Google Sites hosting malware

The "Recent Site activity" option of the Google site used by the threat actors showed a malicious file attachment with the name "Reserva Manoel." Attackers using Classic Google Sites use the upload template to create a website that hosts the malware and to generate malicious URLs that are shared with targeted victims. The malware was delivered from the following Google Sites URL: https://sites.google[.]com/website/detailsreservations/Reserva-Manoel_pdf.rar?attredirects=0&d=1

According to Netskope's analysis, the RAR archive "Reserva-Manoel_pdf.rar" contains an executable, "PDF Reservations Details MANOEL CARVALHO hospedagem associate detalhes PDF.exe". The file name translates from Portuguese to English as "PDF Reservations Details MANOEL CARVALHO Guest house details PDF.exe", which indicates that the likely targets are users in Brazil or other Portuguese-speaking users.

Delivery mechanism of the malware using Google Sites

The malicious URL on Google Sites that hosts the LoadPCBanker malware delivers the first-stage parent downloader. Once executed, the first-stage downloader drops the next-stage payloads from a file hosting website. The next-stage payloads are Otlook.exe and cliente.dll; libmySQL50.DL is a MySQL library used to transmit victim data to the server.

Attack kill chain of LoadPCBanker

In addition, the next-stage payloads collect screenshots, clipboard data and the victim's keystrokes. Finally, Netskope said the malware uses SQL as an exfiltration channel to send victim data to the server.
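A defender-side way to hunt for this pattern in proxy and flow logs, added here as an example and not taken from the Netskope analysis or the article: it flags archive or executable files served from sites.google.com (noting the `d=1` query parameter seen in the URL above) and then correlates later MySQL-port egress from the same client. The log format, extension list, sample lines and the use of the default port 3306 are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed list of file types worth flagging when served from a site-builder host.
RISKY_EXT = (".rar", ".zip", ".7z", ".iso", ".exe", ".dll", ".scr")
SITES_HOST = "sites.google.com"
MYSQL_PORT = 3306  # MySQL default; an assumption, the article names no port

# Constructed sample: "<time> <client> HTTP <url>" or "<time> <client> TCP <ip:port>".
SAMPLE_LOG = [
    "2019-01-01T10:00:00Z 10.0.0.5 HTTP https://sites.google[.]com/site/example/Invoice_pdf.rar?attredirects=0&d=1",
    "2019-01-01T10:01:00Z 10.0.0.6 HTTP https://sites.google.com/site/example/home",
    "2019-01-01T10:04:00Z 10.0.0.5 TCP 203.0.113.7:3306",
    "2019-01-01T10:05:00Z 10.0.0.6 TCP 203.0.113.7:3306",
]


def classify_url(url):
    """Return a reason string for a risky file served from Google Sites, else None."""
    parts = urlsplit(url.replace("[.]", "."))  # accept defanged URLs from reports
    if (parts.hostname or "").lower() != SITES_HOST:
        return None
    filename = parts.path.rsplit("/", 1)[-1].lower()
    if not filename.endswith(RISKY_EXT):
        return None
    # d=1 matches the query string of the URL quoted in the article.
    tag = "d=1 link" if parse_qs(parts.query).get("d") == ["1"] else "link"
    return f"{tag} to {filename}"


def scan(lines):
    """Flag risky downloads, then MySQL egress from any client that made one."""
    downloaded, alerts = set(), []
    for line in lines:
        _ts, src, kind, target = line.split(maxsplit=3)
        if kind == "HTTP":
            reason = classify_url(target)
            if reason:
                downloaded.add(src)
                alerts.append((src, "download", reason))
        elif kind == "TCP":
            host, _, port = target.rpartition(":")
            if int(port) == MYSQL_PORT and src in downloaded:
                alerts.append((src, "exfil-suspect", f"MySQL egress to {host}"))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Outbound MySQL from a workstation is rare enough in most environments that the second alert type is worth reviewing even without the preceding download.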
