TOUCHSHIFT

Description

(Mandiant) TOUCHSHIFT is a malicious dropper that masquerades as mscoree.dll or netplwix.dll. TOUCHSHIFT is typically created in the same directory as, and at the same time as, a legitimate copy of a Windows binary. TOUCHSHIFT leverages DLL Search Order Hijacking to use the legitimate file to load and execute itself. TOUCHSHIFT has been observed containing one to two different payloads, which it executes in memory. Payloads that have been seen include TOUCHSHOT, TOUCHKEY, HOOKSHOT, TOUCHMOVE, and SIDESHOW.

Names

Name
TOUCHSHIFT

Category

Malware

Type

  • Dropper

Information

Malpedia

Other Information

Uuid

be93acee-c964-4340-bfb4-5bae20f52a2f

Last Card Change

2023-06-22