
Siesta

Posted: April 17, 2014

Threat Metric

Threat Level: 1/10
Infected PCs: 166
First Seen: April 17, 2014
Last Seen: July 11, 2023
OS(es) Affected: Windows


Siesta is a cyber espionage campaign that targets many organizations across different industries. The malware it spreads is dubbed Siesta on account of its periods of dormancy at regular intervals, and it arrives in emails aimed at executives of the targeted company. The sender's email address is spoofed so that the message appears to come from another employee of the company. The malicious messages do not carry the malware themselves; instead they contain links that lead to a download website. The download URL takes the form [malicious domain]/[organization name]/[legitimate archive name].zip. The archive contains an executable that at first glance looks like a safe PDF document; when executed, it drops a legitimate PDF file, which may have been taken from the affected company's website, and a malicious component.

The malicious component, known as Siesta, installs itself silently while the victim is looking at the PDF document and starts communicating with a command and control server, from which it receives commands such as 'sleep' and 'download'. The sleep command instructs the malware to remain idle for a specified number of minutes before resuming its activities, and the download command instructs it to download and execute an additional malicious component. The campaign's name, Siesta, is based on the use of the sleep command ('siesta' means 'nap' in Spanish).
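The delivery step described above (a ZIP whose executable is presented as a PDF) can be triaged before anyone opens the archive. The following is an added example, not code from the original page or from any vendor tool; the file names are constructed, and treating ".pdf" in a member name as the disguise is an assumption, since the page does not say how the executable is made to look like a PDF.

```python
import io
import zipfile

PE_MAGIC = b"MZ"  # DOS/PE header that starts every Windows executable
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")


def triage_zip(data: bytes):
    """Return (member name, reason) for archive members that need review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Password-protected members cannot be inspected here.
                findings.append((info.filename, "encrypted member, not inspected"))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            name = info.filename.lower()
            if head == PE_MAGIC and ".pdf" in name:
                findings.append(
                    (info.filename, "Windows executable with a PDF-looking name"))
            elif head == PE_MAGIC:
                findings.append((info.filename, "Windows executable inside archive"))
            elif name.endswith(EXEC_EXTS):
                findings.append((info.filename, "executable extension, no PE header"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: one genuine-looking PDF and one PE stub named like a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agenda.pdf", b"%PDF-1.4\n% constructed sample\n")
        zf.writestr("Quarterly_Report.pdf.exe",
                    b"MZ\x90\x00constructed stub, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_zip(build_sample_zip()):
        print(f"{member}: {reason}")
```

The check reads the first two bytes of each member rather than trusting the file name, so a renamed executable is still reported.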

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: [malicious domain]/[organization name]/[legitimate archive name].zip
Mime Type: unknown/zip
Group: Malware file

Additional Information

The following URLs were detected:
https://feed.bestsearchconverter.com/?q=