GUNTERS

Description

(SentinelLabs) During our analysis of Moshen Dragon’s activities, we came across a passive loader previously discussed by Avast as ‘GUNTERS’. This backdoor appears to be highly targeted as it performs checks to verify that it is executed on the right machine.

Before execution, the malware calculates the hash of the machine hostname and compares it to a hardcoded value, suggesting that the threat actor generates a different DLL for each target machine.

Names

Name
GUNTERS

Category

Malware

Type

  • Loader

Information

Other Information

Uuid

7281a8c8-1920-4367-b98b-198cd8f49d3a

Last Card Change

2022-05-03