ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: HUI Loader

Names: HUI Loader
Category: Malware
Type: Loader
Description: (SecureWorks) HUI Loader is a custom DLL loader whose name is derived from a string in the loader (see Figure 1). The malware is loaded by legitimate programs that are vulnerable to DLL search order hijacking. HUI Loader decrypts and loads a third file containing an encrypted payload that is also deployed to the compromised host. CTU researchers have observed HUI Loader loading RATs such as SodaMaster, PlugX, Cobalt Strike, and QuasarRAT.
Information: <https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader>
MITRE ATT&CK: <https://attack.mitre.org/software/S1097>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.hui_loader>

Last change to this tool card: 19 June 2024


All groups using tool HUI Loader

Changed   Name               Country   Observed

APT groups

X         APT 41             China     2012-Aug 2024 (HOT)
          Bronze Starlight   China     2021-Mar 2023

2 groups listed (2 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency
