FYAnti

FYAnti is a loader that has been used by menuPass since at least 2020, including to deploy QuasarRAT.[1]

ID: S0628
Associated Software: DILLJUICE stage2
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 22 June 2021
Last Modified: 11 October 2021

Associated Software Descriptions

Name | Description
DILLJUICE stage2 | [1]

Techniques Used

Domain | ID | Name | Use

Enterprise | T1140 | Deobfuscate/Decode Files or Information

FYAnti has the ability to decrypt an embedded .NET module.[1]

Enterprise | T1083 | File and Directory Discovery

FYAnti can search the C:\Windows\Microsoft.NET\ directory for files of a specified size.[1]

Enterprise | T1027.002 | Obfuscated Files or Information: Software Packing

FYAnti has used ConfuserEx to pack its .NET module.[1]

Enterprise | T1105 | Ingress Tool Transfer

FYAnti can download additional payloads to a compromised host.[1]

Groups That Use This Software

ID | Name | References
G0045 | menuPass | [1]

References