Threat Actors Using WerFault.exe to Deploy Pupy RAT
Threat Actors Using WerFault.exe to Deploy Pupy RAT
Threat Level
Attack Report
For a detailed threat advisory, download the pdf file here
Summary
The Pupy RAT malware is using a technique called DLL side-loading to disguise itself as the legitimate WerFault.exe process in order to evade detection. The malware is delivered via an ISO image that contains a malicious DLL file, a shortcut file, and an Excel file. When the shortcut file is opened, it runs the WerFault.exe process, which then uses the DLL side-loading technique to load and execute the malicious DLL.