TAXHAUL

Description

(Mandiant) TAXHAUL is a DLL that, when executed, decrypts a shellcode payload expected at C:\Windows\System32\config\TxR<machine hardware profile GUID>.TxR.0.regtrans-ms. Mandiant has seen TAXHAUL persist via DLL search order hijacking.

Names

Name
TAXHAUL

Type

Dropper

Information

https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise

Other Information

Uuid

71b734a7-1ca4-457f-97bd-d6112e85c41f

Last Card Change

2023-04-26

Threat Intelligence Garden

Explorer

TAXHAUL

TAXHAUL

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks