Vcrodat

Description

(Symantec) In some attacks, Whitefly has used a second piece of custom malware, Trojan.Nibatad. Like Vcrodat, Nibatad is also a loader that leverages search order hijacking, and downloads an encrypted payload to the infected computer. And similar to Vcrodat, the Nibatad payload is designed to facilitate information theft from an infected computer.

While Vcrodat is delivered via the malicious dropper, we have yet to discover how Nibatad is delivered to the infected computer. Why Whitefly uses these two different loaders in some of its attacks remains unknown. And while we have found both Vcrodat and Nibatad inside individual victim organizations, we have not found any evidence of them being used simultaneously on a single computer.

Names

Name
Vcrodat

Type

Loader
Downloader

Information

https://symantec-blogs.broadcom.com/blogs/threat-intelligence/whitefly-espionage-singapore?es_p=8774683

Other Information

Uuid

dca2e632-9d9b-4df6-8e38-e5a47e4d0d09

Last Card Change

2020-04-20

Threat Intelligence Garden

Explorer

Vcrodat

Vcrodat

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks