win.deprimon

Deprimon

Actor(s): DePriMon


According to ESET Research, DePriMon is a malicious multi-stage downloader that uses many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor, a trick that falls under the “Port Monitors” technique in the MITRE ATT&CK knowledge base. For this it uses the name “Windows Default Print Monitor”, which is why it was named DePriMon. Due to its complexity and modular architecture, researchers believe it to be a framework.

DePriMon has been active since at least March 2017. It was detected at a private company based in Central Europe and on dozens of computers in the Middle East.
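Because the persistence described above lives in the spooler's port monitor registrations, a defender can audit them directly. The following is an added example (not Malpedia's or ESET's code) that lists every registered local port monitor and flags any whose DLL is missing or lacks a valid Authenticode signature; it assumes the spooler resolves a bare Driver file name against System32, and the registry path it reads is the standard Print\Monitors key.

```powershell
# Added example: audit local port monitors (MITRE ATT&CK "Port Monitors" persistence).
# Each subkey under Print\Monitors names a monitor; its Driver value is the DLL the spooler loads.
$monitorsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors'

function Get-PortMonitorReport {
    Get-ChildItem -Path $monitorsKey | ForEach-Object {
        $name   = $_.PSChildName
        $driver = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Driver
        $path   = $null
        $status = 'NoDriverValue'

        if ($driver) {
            # Assumption: a bare file name is loaded from System32; a rooted path is used as given.
            $path = if ([System.IO.Path]::IsPathRooted($driver)) {
                $driver
            } else {
                Join-Path $env:SystemRoot "System32\$driver"
            }

            if (Test-Path -LiteralPath $path) {
                # Valid signature from a trusted publisher is the expected state for Microsoft monitors.
                $status = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            } else {
                $status = 'FileMissing'
            }
        }

        [PSCustomObject]@{
            Monitor    = $name
            Driver     = $driver
            Path       = $path
            Signature  = $status
            Suspicious = ($status -ne 'Valid')
        }
    }
}

# Suspicious entries (unsigned, missing, or without a Driver value) sort to the top for review.
Get-PortMonitorReport | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell session; a monitor named like a default Windows component but backed by an unsigned DLL is the pattern the description above refers to and warrants closer inspection.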

References
2019-11-21, ESET Research: Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

There is no YARA signature yet.