The Lazarus threat group uses the new WinorDLL64 backdoor to exfiltrate sensitive data

    Hackers have probably developed a new tool to spy on half the world.

    ESET specialists have discovered a new backdoor associated with a malware downloader called Wslink. This tool is probably used by the North Korean group Lazarus.

    The payload, dubbed WinorDLL64, is a full-featured implant that executes commands in memory and can:

    extract, overwrite and delete files;
    execute PowerShell commands;
    collect confidential information about the machine;
    list active sessions;
    create and terminate processes;
    enumerate disks;
    compress directories.

    The Wslink payload could be used later for lateral movement, the researchers said. The Wslink loader listens on the port specified in the configuration and can handle additional connecting clients as well as load the payload.

    The attacks are considered targeted, as there have been only a handful of detections to date, in Central Europe, North America and the Middle East.

    In March 2022, ESET experts discovered that the malware uses an "extended layered virtual machine" obfuscator to evade detection and resist reverse engineering.

    Experts attribute the tool to the Lazarus Group because its code resembles the GhostSecret samples from the group's earlier campaigns, which include a "data collection and implant component" with the same behavior as Wslink.

    ESET said the payload was uploaded to the VirusTotal database from South Korea, where some of the victims are located, which also points to Lazarus' involvement.

    The experts concluded that the Wslink payload provides a means for manipulating files, executing code, and obtaining extensive information about the underlying system, which can possibly be used later for lateral movement.

    Author DeepWeb