HrServ – Previously unknown web shell used in APT attack
Malware Analysis, News and Indicators - Latest topics malware.news
Introduction
In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led to the discovery of related variants compiled in 2021, indicating a potential correlation between these separate occurrences of malicious activity.
Initial infection
According to our telemetry data, the PAExec.exe process initiates the creation of a scheduled task …