HUI Loader

Description

(SecureWorks) HUI Loader is a custom DLL loader whose name is derived from a string in the loader (see Figure 1). The malware is loaded by legitimate programs that are vulnerable to DLL search order hijacking. HUI Loader decrypts and loads a third file containing an encrypted payload that is also deployed to the compromised host. CTU researchers have observed HUI Loader loading RATs such as SodaMaster, PlugX, Cobalt Strike, and QuasarRAT.

Names

Name
HUI Loader

Type

Loader

Information

https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader

Mitre Attack

https://attack.mitre.org/software/S1097

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.hui_loader

Other Information

Uuid

afe97e74-7cbf-4bc0-8425-4520ad9f325d

Last Card Change

2024-06-19

Threat Intelligence Garden

Explorer

HUI Loader

HUI Loader

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks