Mass distribution of stealers (Formbook, Snake Keylogger) and use of RelicRace/RelicSource malware as a means of delivery
released on 2022-07-26 @ 11:59:08 AM
Since July 2022, the Government Computer Emergency Response Team of Ukraine (CERT-UA) has been recording mass mailings of e-mails with the subject "Final payment" and an attachment of the same name in the form of a TGZ archive.
The archive contains an EXE file classified as the RelicRace .NET downloader, designed to download (mostly from OneDrive), decode and run the RelicSource malicious .NET program in memory.
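A mail-triage check for the delivery pattern described above (a gzip-compressed tar attachment carrying a Windows executable), as an added example that is not part of the CERT-UA notice. The function names, the sample message and the member name sample.exe are constructed for illustration; an executable is recognised here only by its "MZ" header bytes.

```python
import io
import tarfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

GZIP_MAGIC, MZ_MAGIC = b"\x1f\x8b", b"MZ"

def pe_members_in_tgz(blob):
    """Return names of archive members whose content starts with the 'MZ' magic."""
    hits = []
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                fh = tar.extractfile(member)  # read in memory, nothing is written to disk
                if fh is not None and fh.read(2) == MZ_MAGIC:
                    hits.append(member.name)
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        pass  # corrupt or truncated archive: keep whatever was read so far
    return hits

def triage_eml(raw):
    """Return (subject, [(attachment_name, [exe_member, ...]), ...]) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data.startswith(GZIP_MAGIC):  # decide by content, not by file extension
            pes = pe_members_in_tgz(data)
            if pes:
                findings.append((part.get_filename(), pes))
    return str(msg["Subject"]), findings

def build_sample():
    """Constructed test message: harmless 'MZ'-prefixed bytes inside a .tgz attachment."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in (("sample.exe", b"MZ" + b"\x00" * 62), ("note.txt", b"hello")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    msg = EmailMessage()
    msg["Subject"] = "Final payment"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="gzip", filename="Final payment.tgz")
    return msg.as_bytes()
```

A non-empty findings list is a reason to quarantine the message for analysis; the subject line is returned so it can be compared with the one reported in the notice.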