STASHLOG

Description

(Cybereason) STASHLOG (shiver.exe / forsrv.exe) is a 32-bit executable that is being used to prepare the victim machine for further compromise, and to “stash” a malicious, encrypted payload to a CLFS log file. This payload will be decrypted at each phase to deliver the next phase in the infection.

Names

Name
STASHLOG

Category

Malware

Type

  • Loader

Information

Malpedia

Other Information

Uuid

073125dd-411b-4292-bb14-5b42780ee33d

Last Card Change

2022-12-27