Home

Report

Dissecting the Malware Involved in the INOCNATION Campaign

Dissecting the Malware Involved in the INOCNATION Campaign

Dissecting the Malware Involved in the INOCNATION Campaign

Fidelis
Pages 14 Pages

This threat advisory analyzes the INOCNATION malware campaign and the RAT used, highlighting a layered design built to evade discovery and frustrate analysis. The attack starts with a dropper that writes and runs both a RAT installer and a legitimate Cisco AnyConnect installer decoy, using XOR obfuscation that skips null and key bytes to hinder extraction. The RAT installer includes sandbox detection via mouse-movement checks, drops an obfuscated DLL payload with a deliberately mangled MZ header that is later repaired, establishes persistence via a Run registry key, deletes itself, and executes the payload through regsvr32. The implant uses Unicode string stacking plus multiple XOR layers and SSL/TLS for C2 traffic, supports commands like reverse shell, file transfer, system info, and unin

Join for free to read

You Might Also Like

A Blueprint for Self-Sufficiency: Cincom’s Intuitive, Flexible Solution Lets MTL Insurance Manage Customer Communications with Confidence
Case Study A Blueprint for Self-Sufficiency: Cincom’s Intuitive, Flexible…
Cincom Systems
Mid-Size E&C Boosts Ability to Efficiently Complete Relief Sizing with aspenONEEngineering
Case Study Mid-Size E&C Boosts Ability to Efficiently Complete Relief…
Aspen Technology
Petrofac Improves Accuracy of Process Models, Increases Capacity 20% for Gas Plant Expansion
Case Study Petrofac Improves Accuracy of Process Models, Increases Capacity…
Aspen Technology
Finding the signal in the noise: Processing big data in cancer studies
Case Study Finding the signal in the noise: Processing big data in cancer…
Eagle Genomics

More from Fidelis

How to Track Key Vulnerabilities and Exposures (CVEs) in the Modern Threat Landscape
White Paper How to Track Key Vulnerabilities and Exposures (CVEs) in the…
Fidelis
Outsmarting Cloud Threats: The Modern XDR Playbook with Fidelis Elevate®
White Paper Outsmarting Cloud Threats: The Modern XDR Playbook with Fidelis…
Fidelis
XDR Solution Implementation Guide: Planning to Execution
Guide XDR Solution Implementation Guide: Planning to Execution
Fidelis
Fidelis Email Security for Office 365
Vendor Sheet Fidelis Email Security for Office 365
Fidelis
© 2026 Contentree.  All Rights Reserved   |   Privacy and Cookies   |   Legal   |   Do not sell my info