Tag: r77 rootkit

A stealthy malware campaign dubbed OBSCURE#BAT has been discovered, utilizing social engineering and deceptive file downloads to trick users into executing obfuscated code. The infection chain deploys a user-mode rootkit that manipulates system processes and registry entries to evade detection and …

This analysis delves into PackXOR, a private packer associated with FIN7's AvNeutralizer tool. PackXOR employs a two-section structure with XOR encryption and LZNT1 compression. The packer utilizes Run-Time Dynamic Linking and encrypts API function names. Notably, PackXOR has been observed packing …