WispRider

Description

(Check Point) WispRider is a side-loaded DLL which contains both the USB infector component and the backdoor itself. It first creates a mutex to ensure there is a single instance running and checks that the executable that side-loaded it was executed with the proper argument. Next, it searches for a configuration file by first identifying a currently running directory from which the executable runs, and then recursively scanning from that directory to check each file as a potential config file candidate.

Names

Name
WispRider

Category

Malware

Type

• Backdoor

Information

• https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/

Other Information

Uuid

5d476448-f2e8-46dd-b45c-c034edb268a8

Last Card Change

2023-06-23