Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page fileless malware
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #4  
Old 02-23-2017, 07:21
klvgen klvgen is offline
Friend
  
Join Date: Feb 2017
Posts: 21
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 5
Thanks Rcvd at 3 Times in 3 Posts
klvgen Reputation: 0
Quote:
Originally Posted by deroko View Post
Actually if I remember correctly, a few years back some guys found bug in windows driver, and managed to store whole exploit/shellcode in wrongly parsed registry key (which driver parsed during boot). This could count as fileless persistent code

I don't remember who did it, or how article or poc was named. Was long time ago, if somebody remembers would be awesome to post link
The most famous fileless persistance was done by Poweliks, then by Kovter, and then by malware named Phase.

Poweliks: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3377

Kovter: https://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update

Phase: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3628
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Malware Analysis ldmd General Discussion 7 03-09-2025 18:42
ahk malware analysis dion General Discussion 0 12-20-2021 08:50
Malware Sample analysis Aesculapius Source Code 2 02-13-2018 19:35


All times are GMT +8. The time now is 05:25.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )