win.unidentified_115

Unidentified 115 (Nim Loader)


According to Walmart, this is a loader written in Nim that applies an AmsiScanBuffer patch followed by an EtwEventWrite patch, then downloads and decrypts a payload using AES in CFB mode and injects it into a hardcoded target process (e.g. explorer.exe).

References

2024-03-05 | Medium (walmartglobaltech) | Jason Reaves, Joshua Platt | Unknown Nim Loader using PSBypassCLM | Unidentified 115 (Nim Loader)

There is no YARA signature yet.