A team at HP Wolf named the tool “RATDispenser,” and warned that it currently has a detection rate of only 11%.
“Interestingly, our investigation found that RATDispenser is predominantly being used as a dropper in 94% of samples analyzed, meaning the malware doesn’t communicate over the network to deliver a malicious payload.”
This VBScript file then downloads the malware payload and, if successful, deletes itself.
The eight malware families include keylogger and info-stealer Formbook; Java RAT STRRAT, which has remote access, credential-stealing and keylogging features; downloader GuLoader; and an open-source Java RAT known as Ratty.
According to Schläpfer,