Meet UULoader: An Emerging and Evasive Malicious Installer

Aug. 20, 2024, 3:25 p.m.

Description

An analysis uncovered a malicious installer dubbed 'UULoader', which employs creative techniques to evade detection, including file header stripping, side-loading legitimate executables, and obfuscation. This multi-staged approach to payload delivery proves effective at evading static detection, as evidenced by its low VirusTotal detection rates. UULoader's final payloads appear to be remote access tools and hacking tools, likely originating from a Chinese threat actor based on linguistic analysis.

Date

Published: Aug. 20, 2024, 3:09 p.m.
Created: Aug. 20, 2024, 3:09 p.m.
Modified: Aug. 20, 2024, 3:25 p.m.

Indicators

Attack Patterns

Malware and tools: UULoader, Gh0stRat, Mimikatz

MITRE ATT&CK techniques:
T1574.002 (Hijack Execution Flow: DLL Side-Loading)
T1204.002 (User Execution: Malicious File)
T1140 (Deobfuscate/Decode Files or Information)
T1027 (Obfuscated Files or Information)