[MART] - Daily Diary #328 - Malware Types - Downloaders and Droppers

CTAS-MAT ctas-mat at appgate.com
Tue Aug 17 23:42:52 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

08/17/2021 - Diary entry #328:

In this Daily Diary we start a new thread explaining the differences between malware types. Downloaders and Droppers are by far the most common kind of malware one can stumble upon on the internet.

Downloaders and Droppers are mostly lightweight files, with the sole purpose of preparing the environment and then downloading, or extracting from themselves, another piece of malware. Although they are very similar, there is a slight difference between them: Droppers already carry the next-stage executable embedded inside themselves, while a Downloader must fetch it from an external URL. Both can be found in a vast variety of file formats, like executables, scripts, office documents, PDFs, Microsoft Installers and even Windows help files.
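The dropper/downloader distinction above maps directly onto a static triage check an analyst can run on a suspicious file: does it carry a second PE image inside it, or does it carry a URL to fetch one from? The script below is an added example for this diary, not the author's or Appgate's tooling; it scans a blob for embedded PE headers (an "MZ" whose e_lfanew points at "PE\0\0") and for plaintext URLs, and the samples it runs on are constructed stubs, not real malware. It is only a heuristic: packed or encrypted payloads and obfuscated URLs will not be found this way.

```python
import re
import struct

# Plain-text URLs embedded in the file (printable ASCII only).
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,}")

def find_embedded_pe(data: bytes) -> list:
    """Offsets of PE images embedded after the host's own header (offset 0 is skipped).
    A hit is an 'MZ' whose e_lfanew (uint32 at +0x3C) lands on a 'PE\\0\\0' signature."""
    hits = []
    pos = data.find(b"MZ", 1)
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            nt = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[nt:nt + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def find_urls(data: bytes) -> list:
    return sorted({m.group().decode("ascii") for m in URL_RE.finditer(data)})

def classify(data: bytes) -> dict:
    """Label a file by the staging indicators it carries, following the diary's definitions."""
    pes, urls = find_embedded_pe(data), find_urls(data)
    if pes and urls:
        verdict = "dropper+downloader candidate"
    elif pes:
        verdict = "dropper candidate"       # next stage is carried inside the file
    elif urls:
        verdict = "downloader candidate"    # next stage must be fetched from a URL
    else:
        verdict = "no staging indicators"
    return {"embedded_pe_offsets": pes, "urls": urls, "verdict": verdict}

def make_stub_pe() -> bytes:
    """Constructed PE-shaped blob (MZ header, e_lfanew=0x80, PE signature); not executable."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    return bytes(hdr) + b"PE\0\0" + b"\0" * 32

# Constructed samples: a bare host, a host carrying a second PE, a host carrying a URL.
HOST = make_stub_pe() + b"\0" * 64
DROPPER_SAMPLE = HOST + b"PAYLOAD:" + make_stub_pe()
DOWNLOADER_SAMPLE = HOST + b"cfg=http://example.invalid/stage2.bin\0"

if __name__ == "__main__":
    for name, blob in (("host", HOST), ("dropper", DROPPER_SAMPLE), ("downloader", DOWNLOADER_SAMPLE)):
        print(name, classify(blob))
```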

Because they are such simple pieces of malware, it is hard to tie a specific Downloader or Dropper to a cybercrime group without knowing which threat it downloads or drops. One malware family can have several related Downloaders/Droppers, and it is very common for each campaign of a malware family to use a different one to evade detection.

Social engineering is very important when spreading this kind of threat. Through phishing pages and spam e-mails, an attacker must convince you to download and execute the malware. This is done either by convincing you that it is a trusted piece of software (we have even seen some mimicking antivirus solutions) or by convincing you that an e-mail attachment is an important document you must open. So next time you receive an e-mail from an unknown sender with an attachment, beware! It's probably a Downloader or a Dropper.

Kind Regards,



Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>
O: +55 11 97467 9549
