Threat Actors Using WerFault.exe to Deploy Pupy RAT

Threat Level – Red | Vulnerability Report
Download PDF

The Pupy RAT malware is using a technique called DLL side-loading to disguise itself as the legitimate WerFault.exe process in order to evade detection. The malware is delivered via an ISO image that contains a malicious DLL file, a shortcut file, and an Excel file. When the shortcut file is opened, it runs the WerFault.exe process, which then uses the DLL side-loading technique to load and execute the malicious DLL.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox