MasterMana Botnet targets business users
MasterMana Botnet is believed to be operated by the Gorgon Group advanced persistent threat.
MasterMana is typically delivered via phishing emails containing malicious macro-enabled Microsoft Excel attachments. Once executed, these documents will attempt to terminate any Microsoft Office processes. Following this, the payload will attempt to add three scheduled tasks along with registry key values to maintain persistence.
If successful, MasterMana will reach out to attacker-controlled domains, hosted on widely used blogging services. These domains will then redirect to command and control servers and begin downloading DLL or PowerShell code. The code attempts to inject itself into processes, with the goal of evading anti-virus products.
Once successfully injected into processes, MasterMana will then download and install either the AZORult or RevengeRAT remote access trojans.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.