Hackers use fake Windows error logs to hide malicious payload

Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks.

The trick is part of a longer chain with intermediary PowerShell commands that ultimately delivers a script for reconnaissance purposes.

MSP threat detection provider Huntress Labs discovered an attack scenario where a threat actor with persistence on a target machine tried to run an unusual trick to carry on with their attack routine.

Read more…
Source: Bleeping Computer