GBHackers News reports that the ArmouryLoader malware, which was initially discovered to be exploiting ASUS Armoury Crate software last year, has been integrated with sophisticated attack techniques, including payload distribution, privilege escalation, and anti-endpoint detection and response features.Aside from leveraging gadget-based DLL memory reads and forged call stacks for clandestine operations, ArmouryLoader bolsters stealth via OpenCL-based decryption and self-decrypting code segments throughout its eight-stage operations, according to a report from Antiy CERT. After infiltrating exports for shellcode execution in its initial stage, ArmouryLoader facilitates PE file loading and decryption in the even stages and OpenCL decryption, escalation, and injection in the subsequent odd stages. Further analysis revealed the malware loader to be conducting explorer.exe spoofing and CMSTPLUA COM exploitation for privilege escalation during the fifth stage; the execution of dllhost.exe 64-bit code by Heaven's Gate in the seventh stage; and the utilization of syscalls and multiple gadgets for memory allocation, indirect reads, and control flow redirection during the final stage.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



