HemiGate

Description

(Trend Micro) HemiGate is a backdoor used by Earth Estries. Like most of the tools used by this threat actor, this backdoor is also executed via DLL sideloading using one of the loaders that support interchangeable payloads. K7AVMScn.exe from K7 Computing is the sideloading host utilized by this backdoor, while the loader poses as K7AVWScn.dll. The main backdoor is an encrypted file named taskhask.doc, and another encrypted file named taskhask.dat serves as the configuration file.

Names

Name
HemiGate

Type

Backdoor

Information

https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html
https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.hemigate

Other Information

Uuid

3a8b91fe-b0df-4e6c-a005-be144bbc6440

Last Card Change

2024-12-27

Threat Intelligence Garden

Explorer

HemiGate

HemiGate

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks