
"The firm's researchers aren't sure how attackers infect targets with EggStreme, but spotted a server running it and found multiple components that share characteristics and therefore suggest a sophisticated development effort. The first component is called "EggStremeFuel", which Bitdefender says deploys a tool called "EggStremeLoader" to establish a persistent service. Next comes another loader, "EggStremeReflectiveLoader", which launches the main payload called "EggStremeAgent." The agent monitors for new user sessions in Windows and when it finds one injects a keylogger into the active explorer.exe process."
"'This agent is a full-featured backdoor with a broad range of capabilities' that Bitdefender's defenders believe has 58 commands that Bitdefender says allow attackers to launch other tools, the worst of which is a backdoor called "EggStremeWizard" that attackers use to launch "a legitimate binary that sideloads the malicious DLL." The malware family can also enable the following nasty outcomes:"
EggStreme Framework is a multi-stage in-memory malware designed to establish a resilient foothold on compromised Windows systems. The framework uses EggStremeFuel to deploy EggStremeLoader, which creates a persistent service, and EggStremeReflectiveLoader to launch EggStremeAgent. EggStremeAgent monitors user sessions, injects a keylogger into explorer.exe, and implements a full-featured backdoor with dozens of commands. Operators can launch additional tools, including EggStremeWizard that sideloads a malicious DLL. Capabilities include system fingerprinting, network and resource enumeration, privilege escalation, arbitrary command execution, data exfiltration, and file and directory manipulation.
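Two of the behaviours named above, a thread injected into explorer.exe and a legitimate binary sideloading a DLL from its own directory, are visible in ordinary endpoint telemetry. The following is an added detection sketch written for this page, not code from Bitdefender or The Register: it runs two checks over constructed Sysmon-style events (Event ID 7, image loaded; Event ID 8, CreateRemoteThread). The process names, paths and DLL names in the sample are invented placeholders, not indicators from the report.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass
class SysmonEvent:
    """Minimal model of the Sysmon fields the two checks need."""
    event_id: int           # 7 = Image loaded, 8 = CreateRemoteThread
    image: str              # process that loaded the DLL or created the thread
    image_loaded: str = ""  # event 7: full path of the loaded DLL
    signed: bool = True     # event 7: whether the loaded DLL carries a valid signature
    target_image: str = ""  # event 8: process that received the remote thread


# Constructed sample events for illustration; every path and name is made up.
SAMPLE_EVENTS = [
    SysmonEvent(7, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\ntdll.dll", True),
    SysmonEvent(7, r"C:\ProgramData\Vendor\updater.exe", r"C:\ProgramData\Vendor\version.dll", False),
    SysmonEvent(8, r"C:\ProgramData\Vendor\agent.exe", target_image=r"C:\Windows\explorer.exe"),
    SysmonEvent(8, r"C:\Windows\System32\csrss.exe", target_image=r"C:\Windows\System32\lsass.dll"),
]


def sideload_candidates(events):
    """Flag unsigned DLLs loaded from the loading process's own directory
    when that directory is outside C:\\Windows. That pattern is the usual
    shape of DLL search-order sideloading by a legitimate binary."""
    hits = []
    for e in events:
        if e.event_id != 7 or e.signed:
            continue
        proc_dir = PureWindowsPath(e.image).parent
        dll_dir = PureWindowsPath(e.image_loaded).parent
        in_system_dir = str(dll_dir).lower().startswith(r"c:\windows")
        if proc_dir == dll_dir and not in_system_dir:
            hits.append((e.image, e.image_loaded))
    return hits


def explorer_injection(events):
    """Return the source processes that created a remote thread in explorer.exe,
    the injection target the report attributes to the keylogger stage."""
    return [
        e.image
        for e in events
        if e.event_id == 8
        and PureWindowsPath(e.target_image).name.lower() == "explorer.exe"
    ]


if __name__ == "__main__":
    for proc, dll in sideload_candidates(SAMPLE_EVENTS):
        print(f"possible sideload: {proc} loaded unsigned {dll}")
    for proc in explorer_injection(SAMPLE_EVENTS):
        print(f"remote thread into explorer.exe from {proc}")
```

Both checks are deliberately coarse: a signed updater loading its own unsigned helper DLL is not proof of compromise, so in practice the sideload check is tuned with an allowlist of known vendor directories, and the injection check is combined with the service-creation event that the loader stage produces.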
Read at Theregister