Ecipekac

Malware Profile Updated 23 days ago
Ecipekac is a sophisticated multi-layered loader, first observed by security researchers in an advanced cyber campaign. The malware, also tracked as DESLoader, SigLoader, and HEAVYHAND, uses an unusual and complex loading scheme: four files on disk are used to load and decrypt four fileless loader modules in sequence, and only then is the final payload loaded into memory. Detection is difficult because Ecipekac embeds encrypted shellcode inside digitally signed DLLs without invalidating the digital signature, which lets it pass many traditional signature-based security controls.

Ecipekac delivers multiple payloads, each serving a different purpose. Two notable ones are SodaMaster (also known as DelfsCake) and P8RAT (also known as GreetCake), both previously unseen fileless malware families. Because these payloads run entirely in memory rather than being written to disk, they are hard to detect and remove. They also inspect registry keys and running process names to determine whether they are executing inside a virtual machine, which further complicates analysis and detection.

Ecipekac represents a significant advance in loader tradecraft. Its multi-layered structure, its new fileless payloads, and its technique of hiding encrypted shellcode in validly signed DLLs all underline the evolving threat landscape. Organizations and individuals should remain vigilant and adopt robust, behaviour-based security measures to mitigate the risk posed by such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ecipekac malware was drawn from the source documents listed below.
Source: MITRE
Created: a year ago
Title: APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign