Names | HUI Loader | |
Category | Malware | |
Type | Loader | |
Description | (SecureWorks) HUI Loader is a custom DLL loader whose name is derived from a string in the loader (see Figure 1). The malware is loaded by legitimate programs that are vulnerable to DLL search order hijacking. HUI Loader decrypts and loads a third file containing an encrypted payload that is also deployed to the compromised host. CTU researchers have observed HUI Loader loading RATs such as SodaMaster, PlugX, Cobalt Strike, and QuasarRAT. | |
Information | <https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S1097> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.hui_loader> |
Last change to this tool card: 19 June 2024
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
APT 41 | 2012-Aug 2024 | ||||
Bronze Starlight | 2021-Mar 2023 |
2 groups listed (2 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |