Protection from Jennlog Loader


A malicious loader named Jennlog has recently been used by an Iranian threat actor called Agrius in a ransomware attack against a university in Israel.

The malware is a .NET assembly designed to target Windows® machines.

 

 

The loader hides its payload as a resource that initially appears to be a log file.

 

Instead, the resource contains both the malicious payload (in this case, Orcus RAT) and the malware’s execution configuration. As an anti-analysis measure, the loader checks for virtual machines (VMs) and sandboxes before unpacking its payload, since their presence might indicate that it is running on a researcher’s machine.
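For defenders triaging a suspect .NET assembly, the sketch below is an added example, not code from BlackBerry or from the malware. It scores a resource that presents itself as a log file, assuming the resource bytes have already been extracted and that a hidden payload is carried as base64 text inside log-like lines; the page does not state the encoding, so base64, the thresholds and all names here are assumptions.

```python
import base64
import re

# Runs of 40+ base64-alphabet characters; ordinary log fields are rarely this long.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")

def triage_log_resource(data: bytes, min_ratio: float = 0.5) -> dict:
    """Score bytes already extracted from an assembly resource that looks like a log."""
    runs = B64_RUN.findall(data)
    ratio = sum(len(r) for r in runs) / len(data) if data else 0.0
    # Join the runs in file order, drop padding, and trim to whole 4-char groups.
    blob = b"".join(r.rstrip(b"=") for r in runs)
    blob = blob[: len(blob) - len(blob) % 4]
    try:
        decoded = base64.b64decode(blob, validate=True)
    except ValueError:
        decoded = b""
    is_pe = decoded.startswith(b"MZ")  # DOS header magic of a PE image
    return {"encoded_ratio": round(ratio, 2), "decodes_to_pe": is_pe,
            "suspicious": is_pe or ratio >= min_ratio}

def _constructed_packed_log() -> bytes:
    # Constructed sample: inert bytes with an MZ prefix, base64-encoded and
    # spread over fake log lines. Not taken from any real Jennlog sample.
    body = base64.b64encode(b"MZ" + bytes(range(256)) * 2)
    chunks = [body[i:i + 64] for i in range(0, len(body), 64)]
    return b"".join(b"2021-11-08 10:00:%02d INFO session=%s\n" % (n, c)
                    for n, c in enumerate(chunks))

SAMPLE_PACKED = _constructed_packed_log()
# Constructed benign log lines for comparison.
SAMPLE_BENIGN = (b"2021-11-08 10:00:00 INFO service started\n"
                 b"2021-11-08 10:00:01 WARN retrying connection to db01\n"
                 b"2021-11-08 10:00:02 INFO request id=7f3a9c handled in 12 ms\n")

if __name__ == "__main__":
    for name, sample in (("packed", SAMPLE_PACKED), ("benign", SAMPLE_BENIGN)):
        print(name, triage_log_resource(sample))
```

A hit is a reason to examine the resource further, not a verdict: legitimate logs can carry long tokens, and a payload encoded some other way will not match.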

 

Jennlog loader: Operating System


Risk & Impact

 Jennlog Loader: Risk & Impact

 

To see how BlackBerry prevents Jennlog attacks from occurring, check out the following video:

 


Source: https://bit.ly/blog-211108_source