comparemela.com


No Python Interpreter? This Simple RAT Installs Its Own Copy
For a while, I have been keeping an eye on malicious Python code targeting Windows environments[1][2]. While Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating systems. Python is often available on the computers of developers, system/network administrators, or security teams. As the proverb says, "You are never better served than by yourself": I found a simple Python backdoor that installs its own copy of the Python interpreter!
The backdoor is installed via a VBS script (SHA256:eda050c767cb65150b1f4c8a4307c15baf5aebf211367191aaf7ede3aee823d5) that has a VT score of 11/58[3]. I don't know how it is delivered and executed on the target computer, but it is light and easy to read. Here is a full copy:
