Adwind RAT Malware Attacks on US Petroleum Industry

A new malware campaign using an Adwind RAT variant specifically targets the petroleum industry in the US. Adwind, a.k.a. Unrecom, Sockrat, JSocket, and jRat, is a cross-platform RAT that has been involved in multiple campaigns and has also been distributed as malware-as-a-service in underground markets.
In this campaign, the threat actors used a new variant of the Adwind RAT that implements multi-layer obfuscation in an attempt to evade detection.
“We found multiple RAT samples hosted on the serving domain and spread across multiple directories, all hosted within the last month,” reads the Netskope report.
The RAT is served as a JAR payload from the domain “members[.]westnet[.]com[.]au/~joeven/”; Westnet is an Australian ISP. Researchers noted that the same RAT was hosted in multiple accounts and that, to evade detection, the files were given stacked extensions (*.png.jar.jar).
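A defender-side check for the stacked-extension disguise described above, added here as an example (not code from Netskope or from the article): it flags files whose name stacks a decoy extension in front of .jar, and files whose bytes are a Java archive regardless of what the name claims. File names and contents are constructed in memory.

```python
import io
import re
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
# Extensions commonly used as a visual decoy in front of the real one.
DECOY_EXTS = {"png", "jpg", "jpeg", "gif", "pdf", "doc", "docx", "txt"}


def is_jar(data):
    """A JAR is a ZIP archive carrying META-INF/MANIFEST.MF."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "META-INF/MANIFEST.MF" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def classify(name, data):
    """Return the reasons a file looks like a disguised JAR (empty list if none)."""
    reasons = []
    exts = [e.lower() for e in name.rsplit("/", 1)[-1].split(".")[1:]]
    if len(exts) >= 2 and "jar" in exts:
        reasons.append("stacked extensions ending in .jar: " + ".".join(exts))
    jar = is_jar(data)
    if jar and exts and exts[0] in DECOY_EXTS:
        reasons.append("JAR content behind a '%s' decoy extension" % exts[0])
    if jar and (not exts or exts[-1] != "jar"):
        reasons.append("JAR content but final extension is not .jar")
    return reasons


def build_jar(main_class="Loader"):
    """Constructed minimal JAR; the class entry is a stub, not real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\nMain-Class: %s\n" % main_class)
        zf.writestr(main_class + ".class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


# Constructed sample set: one benign PNG and three disguised JARs.
SAMPLES = {
    "invoice.png.jar.jar": build_jar(),
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "report.pdf.jar": build_jar(),
    "update.png": build_jar(),
}


def scan(samples):
    """Map each suspicious file name to its list of reasons."""
    return {n: classify(n, d) for n, d in samples.items() if classify(n, d)}
```

The content check matters more than the name check: renaming a JAR to .png defeats extension filtering but not the ZIP/manifest test.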
The JAR payload then creates an AES encryption routine, executes it as a new Java thread, and loads the JRAT (Java Runtime Analysis Toolkit) class. JRAT is an open-source performance profiler for the Java platform.
Compared to previous campaigns, the functionality of the RAT remains the same; the threat actors changed the injection process to evade detection.
Indicators Of Compromise