
Malware Profile Updated 3 months ago
Ecipekac is a sophisticated multi-layered malware loader, first observed by cybersecurity researchers in an advanced cyber campaign. This malicious software, also known as DESLoader, SigLoader, and HEAVYHAND, employs an unusual and complex loading scheme: four files are used to load and decrypt four fileless loader modules sequentially, and the final payload is then loaded directly into memory. Ecipekac is hard to detect because it inserts encrypted shellcode into digitally signed DLLs without invalidating the digital signature, which lets it pass many traditional security checks that trust a valid signature.

The Ecipekac loader carries multiple payloads, each serving a different malicious purpose. Two notable payloads are SodaMaster (also known as DelfsCake) and P8RAT (also known as GreetCake), both of which are new fileless malware families. These payloads are particularly insidious because they operate only within the computer's memory rather than on the hard drive, making them difficult to detect and remove. In addition, the payloads check registry keys and process names to determine whether they are running inside a virtual machine environment, which further complicates analysis and detection.

In conclusion, the introduction of Ecipekac represents a significant advancement in malware tooling. Its multi-layered structure, its use of new fileless payloads, and its ability to insert encrypted shellcode into digitally signed DLLs underscore the evolving threat landscape. Organizations and individuals must remain vigilant and adopt robust security measures to mitigate the risks posed by such sophisticated threats.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Cobalt Strike
Loader Malware
Associated Malware
P8RAT, also known as GreetCake and HEAVYPOT, is a highly sophisticated fileless malware introduced in a campaign by the threat actor Ecipekac. It is part of a multi-layer loader module designed to deliver various payloads including SodaMaster (also referred to as DelfsCake, dfls, and DARKTOWN), P8RA
SodaMaster, also known as DelfsCake, is a new fileless malware discovered to be another payload of the Ecipekac loader. This sophisticated multi-layer loader module is used to deliver various payloads including SodaMaster, P8RAT (also known as GreetCake and HEAVYPOT), and FYAnti (also known as DILLJ
FYAnti is a highly sophisticated multi-layer malware loader module, used to deliver various malicious payloads such as SodaMaster (also known as DelfsCake, dfls, and DARKTOWN), P8RAT (also known as GreetCake and HEAVYPOT), and FYAnti (also known as DILLJUICE stage2). These payloads eventually load Q
Associated Threat Actors
APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ecipekac malware was read from the document corpus below.
a year ago
APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign