Hackers Hide Backdoors Behind Malicious Self-Extracting Archives

WinRAR self-extracting (SFX) archives include malicious functionality added by threat actors to covertly install persistent backdoors in target computers. These SFX files include bogus files that can start PowerShell, the command prompt, and the task manager with administrative rights. Researchers from CrowdStrike claim that threat actors start by uploading a password-protected SFX file made with WinRAR or 7-Zip to the targeted system.

They utilise stolen credentials to log into a system and seek to take advantage of Utility Manager, a legal Windows accessibility programme. (utilman[.]exe). The application is then configured to link a debugger (another executable) to a particular programme in the Windows Registry. Every time the programme is launched, the debugger will launch automatically.

Hackers Hide Backdoors Behind Malicious Self-Extracting Archives

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Hackers Hide Backdoors Behind Malicious Self-Extracting Archives

09-Apr-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address