Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
ID: 42e35668-fb68-5cdf-a021-cc0643ad1bf1
STIX ID: report--42e35668-fb68-5cdf-a021-cc0643ad1bf1
Feed Name: infostealers.com
Trend Micro reports that attackers published a fake PoC repository for the LDAP vulnerability CVE-2024-49113 that contained a UPX-packed executable (poc.exe). When executed, the binary drops and runs PowerShell scripts that create a scheduled job, download additional scripts from Pastebin, collect system and user data (process lists, directory listings, network information, installed updates), compress the results, and exfiltrate the bundle to an external FTP server using hardcoded credentials. The report includes a technical analysis, IOCs, hunting queries, and guidance on defending against similar malware lures disguised as PoC exploits.
