Explore tweets tagged as #autoit
Malicious "DaVinci-Resolve-20.4.0-win-x86_64.msi" Signed "Flight 041 LLC" C2: touchmeplease[.]icu Drops an obfuscated AutoIT executable 1/2 h/t @malwrhunterteam
#Mispadu 🇧🇷 - Several active sites for the initial loader: 52 ⛓️mail > url > zip > hta > js > vbs > autoit Active C2s: 5 🟢( +6 off 🔴) 170[.]238[.]45[.]201:7885 54[.]36[.]118[.]231:6499 196[.]251[.]115[.]150:6555 34[.]46[.]212[.]86:8001 217[.]182[.]105[.]61:8007 +250 IOCs:
Defending against the return of Lumma Stealer? According to Trend Micro, it's spreading via: 1️⃣ Fake cracked software 2️⃣ Deceptive sites 3️⃣ Social media posts e.g. cracked software Use this SIGMA rule by @cyb3rops to catch malware using renamed AutoIt binary
#Malware 🇧🇷 - Targeting 🇦🇷 - I don't know which group it belongs to - ⛓️zip > hta > jscript > autoit - On execution it injects itself into the "mobsync.exe" process - 4th image - Mercadopago overlay C2 34[.95[.244[.203:56789 worksone[.servebbs[.com Related report https://t.co/kGYhmv1i1f
#Malware 🇧🇷 Banker Targeting 🇦🇷 IOCs zip+hta hxxp://192[.]169[.]176[.]93 Autoit+rat s://zvisionelectronics[.]com/w1/lib/AutoIt3 s://zunelosangeles[.]com/w1/lib/tiaoCrt s://zunelosangeles[.]com/w1/lib/AutoIt3[.]exe C2 149[.]28[.]108[.]157:56789
#Konni Remote Wipe Tactics Targeting Android Devices. Deploys AutoIt persistence (IoKlTr.au3, minutely tasks) + RATs (Remcos/Quasar) for creds/webcam recon. Abuses Google Find Hub for GPS tracking & remote Android factory resets—first APT case—then chains via hijacked chats.
I got tired of deobfuscating and decrypting #CypherIT AutoIT scripts and payloads manually each time, so I put together the script to decrypt the embedded payloads and deobfuscate the restored scripts ☺️ Hopefully, someone will find it useful... https://t.co/7iwKcl6CaF
A #CypherIT crypter is being used in #LummaStealer infections. This campaign is spread via various sources. The binaries use NSIS installers and AutoIt scripts. From an infection, we also saw a clipper payload targeting cryptocurrency wallets. Details at https://t.co/PRY24JKump
#capa / #AutoIt / #AutoItRipper / #malwoverview/ trojan.nymeria Email > Zip > Exe. capa 'AWB 8025872326.exe' -f sc32 autoit-ripper 'AWB 8025872326.exe' ./ai python3.9 /usr/bin/malwoverview.py -v9 -V script.au3 -c ~/malwapi.conf
Brazilian banker spam campaign 213_23f03a-7a1aa949-213.vbs f803c78ec7790c72ca8c63eb724cdf93 drops installer.msi 71c0973acf67404f7afb97ffe35b78ab drops 0cafdf84b8efd2a99d1231e6b9642ada Autoit script #Brazilianbanker #banker #IOC
Coolest #VibeCode #Automation project: CoPilot wrote #Playwright test to generate a custom test record with #API using #GitHub Action; then wrote an @AutoIt .exe anyone with a token can use that pings phone when deets sent to #Teams channel w/ @username . #DarkArtsWizard
Wisdom of the crowd does not work with malware analysis and automatic systems suck. These are the votes on a perfectly clean AutoIt executable.
It's not prejudice, it's experience! In the video below, the gentleman explains that the car rental company he operates will rent out its cars only and exclusively to Hungarians. He also explains why: unfortunately, experience makes him say this. ℹ️Halmi Bence
Genians reports on the Kimsuky APT group using ChatGPT to generate deepfake South Korean military ID cards for phishing. The campaign used batch files and AutoIt scripts to evade anti-virus defences. https://t.co/ACC1gUa9rf
1. Who said I was cool? 2. No 3. I was like 8 years old and wanted to automate some windows function, so I learned autoit 4. Sounds like a skill issue