[Nulled] » Information security » Experts from CrowdStrike have discovered a new strain of the advanced GuLoader loader.
January 16 2023

Experts from CrowdStrike have discovered a new strain of the advanced

Experts from CrowdStrike have discovered a new strain of the advanced GuLoader loader.

As it turned out, the authors of malware carried out a decent upgrade and added a wide range of features to bypass security software.

GuLoader, also known as CloudEyE, was first discovered in 2019 and is a Visual Basic Script (VBS) loader that is used to distribute remote access Trojans.

According to experts, the new method of antianalysis is based on scanning the allocated memory of all processes associated with a virtual machine.

The malware uses a three-step process in which VBScript delivers the payload responsible for delivering the second stage and checking the virtual environment, after which the shell code is embedded in memory.

Further, the shell code, in addition to using the same anti-analysis methods, loads the final payload of the attacker's choice from a remote server and executes it on a compromised host.

Moreover, the shell code uses several anti-analysis and anti-debugging techniques at each stage of execution, issuing appropriate error messages if it suddenly detects any known analysis method or debugging mechanism.

In order to avoid the NTDLL.dl traps implemented by EDR system solutions, malware uses, as experts called it, a mechanism for introducing redundant code.

The recercers from Cymulate even demonstrated an EDR bypass technique known as Blindside, which allows you to run arbitrary code using hardware breakpoints to create "a process in which only NTDLL is in an offline, unconnected state."

As the researchers concluded, GuLoader was and remains a dangerous threat that is constantly evolving thanks to new methods of evading detection.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

Related News

16 January 2023
Information security
K7 Security Labs

K7 Security Labs resellers have discovered a campaign by an unknown actor, presumably based in China, who uses

Read more
16 January 2023
Information security
Symantec researchers

Symantec researchers report details about the activities of a cybercrime group they track as Bluebottle, revealing

Read more
16 January 2023
Information security
Deep Instinct recercers

Deep Instinct recercers discovered a new company using remote access Trojans (RAT) Strat and Ratty, whose

Read more
16 January 2023
Information security
Automakers in pursuit of

Automakers in pursuit of active and passive safety at the time would like to think about information. While BMW,

Read more
16 January 2023
Information security»,Protection and hacking»,DDOS
Let's go back to Zerobot

Let's go back to Zerobot, which was originally reported by Fortinet two weeks ago. The Internet of Things (IoT)

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    November 2024    »
MonTueWedThuFriSatSun
 123
45678910
11121314151617
18192021222324
252627282930 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +12 Total articles 6747
  • +16 Comments 4077
  • +28 Users : 5854