The Lazarus threat group uses the new WinorDLL64 backdoor to exfiltrate sensitive data

    The North Korean group appears to have added another espionage tool to its arsenal.

    ESET researchers have discovered a new backdoor delivered by the Wslink malware loader. The tool is most likely operated by the North Korean Lazarus group.

    The payload, dubbed WinorDLL64, is a full-featured implant that executes commands in memory and can:

    exfiltrate, overwrite and delete files;
    execute PowerShell commands;
    collect extensive information about the compromised machine;
    list active sessions;
    create and terminate processes;
    enumerate drives;
    compress directories.

    The researchers note that the payload's capabilities could later be used for lateral movement. The Wslink loader itself behaves like a server: it listens on the port specified in its configuration, can serve additional connecting clients, and loads the payload into memory rather than dropping it to disk.

    The attacks are considered targeted: to date there have only been a handful of detections, in Central Europe, North America and the Middle East.

    In March 2022, ESET had already reported that Wslink uses a multi-layered virtual machine obfuscator to evade detection and resist reverse engineering.

    The researchers attribute the tool to the Lazarus group because of code overlaps with GhostSecret samples from the group's earlier campaigns; those samples include a "data collection and implant component" whose behavior matches the Wslink payload.

    ESET also noted that the payload was uploaded to VirusTotal from South Korea, where some of the group's victims are located, which further points to Lazarus' involvement.

    The researchers concluded that the Wslink payload gives the operators a way to manipulate files, execute code and gather extensive information about the underlying system, which can later be used for lateral movement.

    Author DeepWeb