Malware GuLoader uses new methods to bypass security programs


    Three-stage infection process and advanced EDR bypass features.

    CrowdStrike cybersecurity researchers have identified a wide range of techniques used by the advanced malware loader GuLoader to bypass security tools.

    GuLoader (also known as CloudEyE) is a Visual Basic Script (VBS) loader used to distribute remote access trojans (RATs) such as Remcos. It was first discovered in 2019.

    The analysed GuLoader sample follows a three-stage infection process:

    First stage: the VBS dropper writes the packed second-stage payload into a registry value. It then launches a PowerShell script that reads the blob back from the registry, unpacks it in memory and executes it, so the unpacked stage never touches disk.
    Second stage: the second-stage payload runs its anti-analysis routines, creates a Windows process (for example ieinstal.exe) and injects its own shellcode into the new process.
    Third stage: the injected shellcode repeats all of the anti-analysis checks, then downloads the final payload from a remote server and executes it on the victim's machine.

    The malware implements anti-debugging and anti-disassembly checks that detect breakpoints placed by an analyst's debugger. The researchers also noted that GuLoader uses a "redundant code injection mechanism" to avoid NTDLL.dll hooking. NTDLL.dll API hooking is a technique used by anti-malware and EDR products to detect and flag suspicious processes on Windows by monitoring calls to sensitive APIs; bypassing the hooks blinds that monitoring to the injection itself.
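    Because the in-process tricks above (breakpoint checks, injection that sidesteps NTDLL hooks) are aimed at defeating host-based API monitoring, a more robust detection angle for the staging chain in the three stages listed earlier is process-creation telemetry, which the loader cannot unhook from inside its own process. The following is an added example, not code from the CrowdStrike research or from this article: a small rule that chains a script host spawning PowerShell with a registry read plus in-memory decode (stage one) to that PowerShell process spawning an injection target such as ieinstal.exe (stage two). The event field names, regexes, PIDs and command lines are assumptions constructed for the example; the events are modelled loosely on Sysmon process-creation records rather than taken from any capture.

```python
"""Added example (not from the CrowdStrike write-up or the article above): a
process-telemetry rule that chains the GuLoader staging described in the text.
All events below are constructed for illustration; field names are assumptions."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str          # full path of the newly created process
    parent_image: str   # full path of the parent process
    cmdline: str


# Stage-one indicators: a VBS dropper runs under a script host, and the PowerShell it
# spawns both reads a registry value and decodes/executes something in memory.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
REGISTRY_READ = re.compile(r"(Get-ItemProperty|GetValue|HKCU:|HKEY_CURRENT_USER|HKLM:)", re.I)
IN_MEMORY_DECODE = re.compile(r"(FromBase64String|Invoke-Expression|IEX\b|-enc\w*\s)", re.I)
# Stage-two indicator: a legitimate binary the article names as an injection target.
INJECTION_TARGETS = ("ieinstal.exe",)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def stage1_events(events):
    """PowerShell spawned by a script host, reading the registry and decoding in memory."""
    return [e for e in events
            if basename(e.parent_image) in SCRIPT_HOSTS
            and basename(e.image) == "powershell.exe"
            and REGISTRY_READ.search(e.cmdline)
            and IN_MEMORY_DECODE.search(e.cmdline)]


def stage2_events(events, stage1_pids):
    """A known injection target created as a child of a stage-one PowerShell process."""
    return [e for e in events
            if e.ppid in stage1_pids and basename(e.image) in INJECTION_TARGETS]


def detect_guloader_chain(events):
    """One alert per stage-one PowerShell process that also spawned an injection target.
    Requiring both links keeps ordinary PowerShell registry reads from alerting."""
    s1 = stage1_events(events)
    s2 = stage2_events(events, {e.pid for e in s1})
    alerts = []
    for p in s1:
        children = [c for c in s2 if c.ppid == p.pid]
        if children:
            alerts.append({
                "powershell_pid": p.pid,
                "dropper_parent": basename(p.parent_image),
                "injected_into": [basename(c.image) for c in children],
                "child_pids": [c.pid for c in children],
            })
    return alerts


# Constructed sample telemetry (not real captures); PIDs and paths are arbitrary.
SAMPLE_EVENTS = [
    ProcEvent(1200, 800, r"C:\Windows\System32\wscript.exe",
              r"C:\Windows\explorer.exe", r'wscript.exe "C:\Users\u\Downloads\invoice.vbs"'),
    ProcEvent(1300, 1200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\wscript.exe",
              r'powershell.exe -w hidden -c "$d=(Get-ItemProperty HKCU:\Software\Acme).Blob;'
              r'IEX([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($d)))"'),
    ProcEvent(1400, 1300, r"C:\Program Files\Internet Explorer\ieinstal.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ieinstal.exe"),
    # Benign: an administrator reading the registry from a console, no decode, no injection.
    ProcEvent(2100, 2000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\cmd.exe",
              r"powershell.exe Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion"),
]

if __name__ == "__main__":
    for alert in detect_guloader_chain(SAMPLE_EVENTS):
        print("GuLoader-style staging chain:", alert)
```

    On the constructed sample this yields exactly one alert, for PID 1300, and stays silent for the administrator's registry read. In production the same two-link logic maps onto Sysmon Event ID 1 (ParentImage, Image, CommandLine, ProcessId, ParentProcessId) or equivalent EDR process events, and the injection-target list should be extended as new hollowing targets are reported.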

    The researchers concluded that GuLoader remains a dangerous threat that is constantly evolving thanks to new methods of evading detection.

    Author DeepWeb