(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
2021-04-08 • ESET •
Vyveva is yet another addition to Lazarus's extensive malware arsenal. Its loader decrypts the backdoor with a simple XOR decryption algorithm. The backdoor supports file exfiltration, timestomping, gathering information about the victim computer and its drives, and other common backdoor functionality such as running arbitrary code specified by the malware's operators. So far, we have been able to find its installer, loader and main payload – a backdoor that reaches its C&C servers over Tor through a TorSocket DLL (both C&C addresses listed in the indicators below are .onion services).
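The summary says only that the loader applies a "simple XOR" to recover the backdoor; the key and the encrypted blob are not given on this page. The example below is added here and is not ESET's code or Vyveva's: it implements repeating-key XOR decryption and shows how an analyst recovers an unknown key from a loader-embedded blob by assuming the decrypted payload begins with the usual MZ/DOS header bytes, then validating each candidate by reading `e_lfanew` at offset 0x3C and checking for the `PE\0\0` signature there. The key and the PE-shaped blob are constructed for the demo and are assumptions, not indicators from the report.

```python
"""Repeating-key XOR decryption with known-plaintext key recovery (added example)."""
import struct
from itertools import cycle
from typing import Optional

# First 16 bytes of a DOS (MZ) header as emitted by most linkers; the usual
# known plaintext when a XOR-wrapped PE has to be unwrapped without the key.
MZ_STUB_PREFIX = bytes.fromhex("4d5a90000300000004000000ffff0000")

# Constructed demo key: an assumption for this example, NOT Vyveva's key.
DEMO_KEY = b"\x5a\xa3\x17\xc2"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def looks_like_pe(blob: bytes) -> bool:
    """Validate a candidate decryption: 'MZ' at 0 and 'PE\\0\\0' at e_lfanew."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def recover_xor_key(cipher: bytes, max_key_len: int = len(MZ_STUB_PREFIX)) -> Optional[bytes]:
    """Known-plaintext attack on repeating-key XOR.

    For each key length, derive the key from cipher[:n] XOR the expected MZ
    stub bytes and keep the first candidate whose full decryption validates
    as a PE image (the e_lfanew check rejects keys that only match the 'MZ'
    bytes by coincidence, e.g. shorter prefixes of the real key).
    """
    max_key_len = min(max_key_len, len(MZ_STUB_PREFIX))
    for key_len in range(1, max_key_len + 1):
        candidate = xor_bytes(cipher[:key_len], MZ_STUB_PREFIX[:key_len])
        if looks_like_pe(xor_bytes(cipher, candidate)):
            return candidate
    return None


def build_demo_payload() -> bytes:
    """Constructed, non-functional PE-shaped blob used only as demo plaintext."""
    e_lfanew = 0x80
    dos_header = MZ_STUB_PREFIX + bytes(0x3C - len(MZ_STUB_PREFIX)) + struct.pack("<I", e_lfanew)
    dos_stub = b"This program cannot be run in DOS mode.\r\n$"
    dos_stub = dos_stub.ljust(e_lfanew - len(dos_header), b"\x00")
    nt_headers = b"PE\x00\x00" + struct.pack("<H", 0x14C)  # COFF Machine = IMAGE_FILE_MACHINE_I386
    return dos_header + dos_stub + nt_headers + bytes(24)


if __name__ == "__main__":
    # Simulate a loader-embedded blob, then recover the key without knowing it.
    encrypted = xor_bytes(build_demo_payload(), DEMO_KEY)
    key = recover_xor_key(encrypted)
    print("recovered key:", key.hex() if key else None)
    print("decrypted blob is a PE:", looks_like_pe(xor_bytes(encrypted, key)) if key else False)
```

The MZ-prefix assumption holds for most linker output but not all, so if no key length validates, fall back to other known plaintext such as the "This program cannot be run in DOS mode" string or the `PE\0\0` signature itself; the e_lfanew check keeps false positives out either way.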
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 1e3785fc4fe5ab8dab31dddd68257f9… | 2021-04-08 | 2021-04-08 |
| HASH | 69529eed679b0c7f1acc1fd782a4b44… | 2021-04-08 | 2021-04-08 |
| HASH | bf98ea1326e5f8c351e68c79b5d1e01… | 2021-04-08 | 2021-04-08 |
| HASH | 66d17344a7ce55d05a324e1c6be2ecd… | 2021-04-08 | 2021-04-08 |
| HASH | dad50ad3682a3f20b2f35be2a94b89e… | 2021-04-08 | 2021-04-08 |
| HASH | 92f5469dbefdcee1343934be149afc1… | 2021-04-08 | 2021-04-08 |
| HASH | 043addfb93a10d187dde4999d780960… | 2021-04-08 | 2021-04-08 |
| HASH | 4d7add8145cb096359ebc3e4d44e19c… | 2021-04-08 | 2021-04-08 |
| HASH | a5ce1df767c89bf29d40dc4fa6eaecc… | 2021-04-08 | 2021-04-08 |
| DOMAIN | cwwpxpxuswo7b6tr.onion | 2021-04-08 | 2021-04-08 |
| DOMAIN | 4bjt2rceijktwedi.onion | 2021-04-08 | 2021-04-08 |