Meet UULoader: An Emerging and Evasive Malicious Installer
Aug. 20, 2024, 3:25 p.m.
Tags
External References
Description
An analysis uncovered a malicious installer dubbed 'UULoader', which employs creative techniques to evade detection, including file header stripping, side-loading legitimate executables, and obfuscation. This multi-staged approach to payload delivery proves effective at evading static detection, as evidenced by its low VirusTotal detection rates. UULoader's final payloads appear to be remote access tools and hacking tools, likely originating from a Chinese threat actor based on linguistic analysis.
Date
Published: Aug. 20, 2024, 3:09 p.m.
Created: Aug. 20, 2024, 3:09 p.m.
Modified: Aug. 20, 2024, 3:25 p.m.
Indicators
Patterns
UULoader
Gh0stRat
Mimikatz
T1574.002
T1204.002
T1140
T1027