Researchers from Proofpoint have found malware dubbed Marap that is
being used to target large enterprises and financial institutions. The
design of the malware can be utilised to deliver additional malware in
Proofpoint has reported numerous email campaigns in August whose
messages had the sole intention of spreading the Marap malware:
“Proofpoint researchers lately discovered a new
downloader malware in a fairly large campaign (millions of messages)
essentially targeting financial institutions. The malware, dubbed
“Marap” (“param” backwards), is notable for its focused
functionality that includes the ability to download other malicious code
modules and payloads.” reads the analysis published by Proofpoint.
The malware is being distributed by a cyber gang named TA505. The
attackers tried to spread it using Microsoft Excel Web Query files and
password-protected ZIP files. The name Marap comes from its Command and
Control (C&C) phone-home parameter “param”, spelled backwards.
Marap uses HTTP for C&C communication, and it calls a number of
WinHTTP functions to determine whether it needs a proxy.
Experts have also found a URL from which the module is being
downloaded. It contained an internal DLL file named mod_Init.dll, which
was written in C.
Source: https://latesthackingnews.com/2018/08/19/marap-new-malware-being-used-to-target-financial-institutions/