S0177 Power Loader
Power Loader is modular code sold on the cybercrime market and used as a downloader in malware families such as Carberp, Redyms and Gapz. [1][2]
| Item | Value |
|---|---|
| ID | S0177 |
| Type | MALWARE |
| Version | 1.0 |
| Created | 16 January 2018 |
| Last Modified | 17 October 2018 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1055 | Process Injection | - |
| enterprise | T1055.011 | Extra Window Memory Injection | Power Loader overwrites the extra window memory of Explorer's Shell_TrayWnd window to redirect execution to an NTDLL function, which is abused to assemble and execute a return-oriented programming (ROP) chain and create a malicious thread within Explorer.exe. [1][2] |