Marap
Marap is a Trojan downloader that gives criminals generalized threat-distributing capabilities after compromising a PC. Marap infections usually result from unprotected contact with corrupted e-mail attachments and can lead to attacks by backdoor Trojans, advanced spyware, and other, equally high-level threats. Have your anti-malware products disinfect the PC and delete Marap when necessary, and scan e-mail attachments before opening them for catching its installation tactics.
Trojans Using Encryption for Defense Instead of Offense
A semi-sophisticated Trojan downloader is in utilization against various business entities around the world at a rate of millions of spam e-mails sent. The Trojan, Marap, is specializing in compromising banking institutions currently and can be presumed to be either exfiltrating confidential information or enabling further security breaches, such as the configuring of a complete backdoor. Marap also includes several self-defensive features, such as two types of the XOR encryption.
Along with the XOR encoding, Marap also creates strings 'on the stack,' can self-terminate if it detects a virtual environment, includes a C&C contact hibernation feature, and may download an additional module that can note the presence of any anti-virus software. Marap also has a self-updating command, a self-uninstall routine, and particularly in-depth support for different threat-downloading configurations. Depending on the options the remote attacker chooses, Marap could inject a downloaded file into another memory process, run it by itself from a Temp folder or other location, or run it with an additional API or command line argument.
Malware experts are judging Marap as being a low-footprint threat with minimal file sizes, system disruption or symptoms for any victims to notice. This Trojan downloader is an enabler for other, more specialized software, and, although it includes no specific attack features besides downloading and running other files, could help instigate attacks from threats like the Vermin RAT, LokiBot or InvisiMole.
The Right Parameters for Kneecapping Marap's Campaigns
Although Marap is spearheading infections for more than one campaign, most of its infection vectors are using consistent tactics involving spam e-mails. These messages, which number in the millions, to date, use a variety of formats implying that their attached files are work-related documents typically and include appropriate filename disguises. From the samples that malware experts are viewing, ZIP archives, PDF documents, and Excel's IQY ('internet query') have strong associations with Marap infection attempts.
Most forms of anti-malware programs should identify these threats automatically as they scan the associated file attachments. Workers also should be cautious of opening unexpected content that matches the formats of a Marap spam attack, such as fake 'sales' requests, banking advertisements with embedded links, or network admin-sent documents with vague descriptions. Due to its presence almost always provoking the installation of other threats, victims always should remove a Marap infection by using appropriate security software to analyze and disinfect the entire PC.
Since Marap's defenses, post-installation, are extensive, it falls on PC users to keep their systems secure by avoiding any self-endangering behavior. Threat actors can build impressively stealth-focused software, but these programs always need an initial foothold that, all too often, is the fault of a careless employee clicking the wrong file.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.