
ANY.RUN Publishes In-Depth Analysis on New Loader Used to Distribute SSLoad Malware

DUBAI, DUBAI, UNITED ARAB EMIRATES, October 7, 2024 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis solutions, has published an in-depth report on PhantomLoader, a new loader used to distribute the Rust-based malware SSLoad. This analysis uncovers advanced techniques used by PhantomLoader in recent attacks to deliver SSLoad, highlighting its stealthy distribution methods and malware behavior.

๐ˆ๐ง-๐ƒ๐ž๐ฉ๐ญ๐ก ๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž ๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐จ๐ง ๐๐ก๐š๐ง๐ญ๐จ๐ฆ๐‹๐จ๐š๐๐ž๐ซ ๐š๐ง๐ ๐’๐’๐‹๐จ๐š๐

The report dives into the technical nuances of PhantomLoader, which disguises itself as a legitimate DLL module of the 360 Total Security antivirus product.

Through a detailed walkthrough, researchers explain how this loader decrypts and deploys SSLoad, a malware known for its evasive tactics.

๐Š๐ž๐ฒ ๐Ÿ๐ข๐ง๐๐ข๐ง๐ ๐ฌ ๐Ÿ๐ซ๐จ๐ฆ ๐ญ๐ก๐ž ๐š๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ:

ยท ๐’๐ญ๐š๐ซ๐ญ ๐จ๐Ÿ ๐ข๐ง๐Ÿ๐ž๐œ๐ญ๐ข๐จ๐ง ๐œ๐ก๐š๐ข๐ง: Attackers initiate the SSLoad distribution using malicious Word documents with embedded macros.

ยท ๐๐ก๐š๐ง๐ญ๐จ๐ฆ๐‹๐จ๐š๐๐ž๐ซโ€™๐ฌ ๐ฌ๐ญ๐ž๐š๐ฅ๐ญ๐ก ๐ญ๐ž๐œ๐ก๐ง๐ข๐ช๐ฎ๐ž๐ฌ: PhantomLoader conceals itself within legitimate DLL modules, using encryption and self-modifying code to remain undetected.

ยท ๐’๐’๐‹๐จ๐š๐'๐ฌ ๐š๐ง๐ญ๐ข-๐š๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐ญ๐ž๐œ๐ก๐ง๐ข๐ช๐ฎ๐ž๐ฌ: SSLoad employs anti-debugging and anti-emulation techniques to evade detection and decrypts Command-and-Control (C2) URLs for communication.

ยท ๐”๐ฌ๐ž ๐จ๐Ÿ ๐š๐๐ฏ๐š๐ง๐œ๐ž๐ ๐๐ž๐œ๐ซ๐ฒ๐ฉ๐ญ๐ข๐จ๐ง ๐ญ๐ž๐œ๐ก๐ง๐ข๐ช๐ฎ๐ž๐ฌ: Scripts like IDAPython are used to decode and analyze the malware's encrypted payloads.

ยท ๐ˆ๐ง๐๐ข๐œ๐š๐ญ๐จ๐ซ๐ฌ ๐จ๐Ÿ ๐‚๐จ๐ฆ๐ฉ๐ซ๐จ๐ฆ๐ข๐ฌ๐ž (๐ˆ๐Ž๐‚๐ฌ): Key IOCs such as file paths, hashes, and C2 domains are provided to help analysts strengthen their defenses.

To read the full analysis, visit the ANY.RUN blog.

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐
ANY.RUN is a trusted interactive malware analysis platform, relied upon by over 500,000 cybersecurity professionals worldwide. It simplifies the analysis of threats targeting Windows and Linux systems and offers a suite of threat intelligence tools, including TI Lookup, YARA Search, and Feeds, to enhance incident response and threat detection.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
