Intel Name: VHDs used to distribute VenomRAT and other malware
Date of Scan: March 17, 2025
Impact: High
Summary: The blog post discusses how threat actors use Virtual Hard Disk (VHD) image files to deliver and distribute VenomRAT malware. The campaign begins with a phishing email that lures victims with a purchase order attachment. When extracted, the attachment yields a VHD file that mounts as a virtual drive. Inside, a batch script launches PowerShell to carry out malicious activity, exfiltrate sensitive data, and communicate with command and control servers. This method allows the malware to bypass traditional security measures and infect systems.