
Unmasking LockBit: A Deep Dive into DLL Sideloading and Masquerading Tactics

Published 01/08/2025 11:31 · Modified 01/08/2025 11:56


Essential information

Tags
2025-08-01, dll sideloading, encryption, evasion, lockbit, masquerading, persistence, ransomware
Related entities
11 observables, 1 intrusion set (APT), 10 techniques (MITRE), 1 malware

Description

This analysis explores the sophisticated tactics employed by attackers, focusing on DLL sideloading and masquerading techniques. These methods allow attackers to evade detection and maximize impact. DLL sideloading involves tricking legitimate applications into loading malicious DLLs, exploiting trusted programs. Masquerading tactics include renaming malicious files, spoofing process names, and using legitimate icons to blend in with system processes. Recent attacks have utilized trusted applications like Jarsigner.exe, MpCmdRun.exe, and Clink_x86.exe alongside malicious DLLs. The attack chain encompasses initial access, privilege escalation, discovery, credential theft, lateral movement, and impact stages. Attackers employ various tools and techniques, including remote desktop access, NSSM, PsExec, and PowerShell scripts for file .
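As an added illustration of how a defender would hunt for the two techniques above (this is example code, not part of the report or its referenced analysis), the script below applies two heuristics to constructed Sysmon-style events: a sideloading check (one of the trusted hosts named in the report loads an unsigned DLL from outside the Windows or Program Files trees) and a masquerading check (the on-disk filename of a process or module does not match the PE's OriginalFileName). The host list, trusted directories and sample events are assumptions chosen for the demonstration.

```python
from pathlib import PureWindowsPath

# Added example (not from the report): triage of constructed Sysmon-style events.
# Trusted executables the report names as sideloading hosts.
ABUSED_HOSTS = {"jarsigner.exe", "mpcmdrun.exe", "clink_x86.exe"}
# Directories where a DLL pulled in by such a host would normally live (assumption).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\program files")


def flag_sideload(ev):
    """Event 7 (image load): a trusted host loads an unsigned DLL from outside the trusted dirs."""
    if ev["EventID"] != 7:
        return False
    host = PureWindowsPath(ev["Image"]).name.lower()
    if host not in ABUSED_HOSTS or ev.get("Signed", "false").lower() == "true":
        return False
    dll_dir = str(PureWindowsPath(ev["ImageLoaded"]).parent).lower()
    return not dll_dir.startswith(TRUSTED_DIRS)


def flag_masquerade(ev):
    """Event 1 or 7: the on-disk name differs from the PE's OriginalFileName (renamed binary)."""
    subject = ev["Image"] if ev["EventID"] == 1 else ev["ImageLoaded"]
    orig = ev.get("OriginalFileName", "-")
    if orig in ("", "-"):  # Sysmon writes "-" when the PE carries no version info
        return False
    return PureWindowsPath(subject).name.lower() != orig.lower()


def triage(events):
    """Return (image path, [labels]) for every event that trips at least one heuristic."""
    findings = []
    for ev in events:
        labels = [name for name, fn in (("dll-sideload", flag_sideload),
                                        ("masquerade", flag_masquerade)) if fn(ev)]
        if labels:
            findings.append((ev["Image"], labels))
    return findings


# Constructed sample events (not real telemetry); field names follow Sysmon.
EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\Public\jarsigner.exe",
     "ImageLoaded": r"C:\Users\Public\jli.dll", "Signed": "false", "OriginalFileName": "jli.dll"},
    {"EventID": 7, "Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true", "OriginalFileName": "version.dll"},
    {"EventID": 1, "Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "MpCmdRun.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe"},
]

if __name__ == "__main__":
    for path, labels in triage(EVENTS):
        print(path, labels)
```

Note that in a Sysmon event 7 the OriginalFileName field describes the loaded module, not the host process, which is why the masquerade check switches its subject on the event ID.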

External references