TerraPreter

Description

(ESET) Evilnum group also uses 64-bit executables that decrypt and run a Meterpreter instance in memory. The use of Meterpreter gives them flexibility and the ability to run various payloads in a stealthy and extensible way.

The structure of these components and the integrity checks implemented were identified as TerraLoader (More_eggs) code. That’s why we refer to these components as TerraPreter.

Names

Name
TerraPreter

Type

Loader

Information

https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.terrapreter

Other Information

Uuid

aa8a0c17-4f49-4a18-ac38-28e75a6f14b9

Last Card Change

2021-04-24

Threat Intelligence Garden

Explorer

TerraPreter

TerraPreter

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks