
Meet UULoader: An Emerging and Evasive Malicious Installer

Published 20/08/2024 15:09 · Modified 20/08/2024 15:25


Essential information

Tags
2024-08-20 gh0strat mimikatz uuloader
Related entities
23 observables, 4 techniques (mitre), 3 malware

Description

An analysis uncovered a malicious installer dubbed 'UULoader', which employs creative techniques to evade detection, including file header stripping, side-loading legitimate executables, and obfuscation. This multi-staged approach to payload delivery proves effective at evading static detection, as evidenced by its low VirusTotal detection rates. UULoader's final payloads appear to be remote access tools and hacking tools, likely originating from a Chinese threat actor based on linguistic analysis.

External references