DUBAI, DUBAI, UNITED ARAB EMIRATES, October 7, 2024 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis solutions, has published an in-depth report on PhantomLoader, a new loader used to distribute the Rust-based malware SSLoad. This analysis uncovers advanced techniques used by PhantomLoader in recent attacks to deliver SSLoad, highlighting its stealthy distribution methods and malware behavior.

In-Depth Malware Analysis on PhantomLoader and SSLoad

The report dives into the technical nuances of PhantomLoader, which disguises itself as a legitimate DLL module for antivirus software called 360 Security Total.

Through a detailed walkthrough, researchers explain how this loader decrypts and deploys SSLoad, a malware known for its evasive tactics.

Key findings from the analysis:

· Start of infection chain: Attackers initiate the SSLoad distribution using malicious Word documents with embedded macros.

· PhantomLoader's stealth techniques: PhantomLoader conceals itself within legitimate DLL modules, using encryption and self-modifying code to remain undetected.

· SSLoad's anti-analysis techniques: SSLoad employs anti-debugging and anti-emulation techniques to evade detection and decrypts Command-and-Control (C2) URLs for communication.

· Use of advanced decryption techniques: IDAPython scripts are used to decode and analyze the malware's encrypted payloads.

· Indicators of Compromise (IOCs): Key IOCs such as file paths, hashes, and C2 domains are provided to help analysts strengthen their defenses.

To read the full analysis, visit the ANY.RUN blog.

About ANY.RUN

ANY.RUN is a trusted interactive malware analysis platform, relied upon by over 500,000 cybersecurity professionals worldwide. It simplifies the analysis of threats targeting Windows and Linux systems and offers a suite of threat intelligence tools, including TI Lookup, YARA Search, and Feeds, to enhance incident response and threat detection.

