Hotwax

Description

HOTWAX is a module that, upon starting, imports all necessary system API functions and searches for a .CHM file. HOTWAX decrypts a payload using the Spritz algorithm with a hard-coded key, then searches for the target process and attempts to inject the decrypted payload module from the CHM file into the address space of that process.

Names

Name
Hotwax
HOTWAX

Category

Malware

Type

  • Loader

Information

Malpedia

Other Information

Uuid

54742926-6bb1-4c80-aee5-86077acc36a9

Last Card Change

2022-12-29