Power Loader

Malware Profile Updated 2 months ago
Power Loader is a bot builder: malware whose main purpose is producing downloaders for other malware families. It illustrates the trend towards specialization and modularity in malware production. The first version of Power Loader was compiled at the beginning of September 2012, and its export table reveals its distinctive structure. It uses one main Command and Control (C&C) URL and two reserve URLs to maintain connectivity and control over infected systems. From November 2012 onwards, the malware known as Win32/Redyms began incorporating Power Loader components into its own dropper, which suggests that Power Loader's functionality and adaptability made it a valuable tool in the broader landscape of malicious software. The hashes of the analyzed Power Loader samples are: v1 (builder) - a189ee99eff919b7bead989c6ca252b656b61137, v1 (dropper) - 86f4e140d21c97d5acf9c315ef7cc2d8f11c8c94, and v2 (dropper) - 7f7017621c13065ebe687f46ea149cd8c582176d. A notable aspect of Power Loader is its use of the open-source disassembler "Hacker Disassembler Engine" (HDE) for code injection. The same engine is also used by another malware family, Win32/Gapz, in one of its bootkit shellcode modules. While this does not conclusively establish that the developers of Power Loader and Gapz are the same, it does show a shared methodology between different types of malware, pointing to potential avenues for further investigation and countermeasures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Cybercrime
Bootkit
Malware
Loader
Bot
Dropper
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Power Loader malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE
a year ago
Gapz and Redyms droppers based on Power Loader code | WeLiveSecurity