Skip to content

S0177 Power Loader

Power Loader is modular code sold in the cybercrime market used as a downloader in malware families such as Carberp, Redyms and Gapz. 1 2

Item Value
ID S0177
Type MALWARE
Version 1.0
Created 16 January 2018
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1055 Process Injection -
enterprise T1055.011 Extra Window Memory Injection Power Loader overwrites Explorer’s Shell_TrayWnd extra window memory to redirect execution to a NTDLL function that is abused to assemble and execute a return-oriented programming (ROP) chain and create a malicious thread within Explorer.exe.12

References

Back to top