ANELLDR

Malware & Tools · ANELLDR

· MalwareS9027 · Zararlı Yazılım

Type

malware

Techniques

Used By

0 groups

Platforms

Windows

Description

ANELLDR, a loader that has been in use since at least 2018, was designed to decrypt and execute UPPERCUT in memory. ANELLDR can use anti-analysis techniques and is known to share code overlap with HiddenFace.(Citation: Trend Micro Earth Kasha Anel NOV 2024)(Citation: ESET MirrorFace 2025)

Tactic Coverage

stealth (6)discovery (2)execution (2)

Techniques (8)

T1027Obfuscated Files or Information

stealth

T1027.013Encrypted/Encoded File

stealth

T1027.016Junk Code Insertion

stealth

T1083File and Directory Discovery

discovery

T1106Native API

execution

T1140Deobfuscate/Decode Files or Information

stealth

T1574.001DLL

References

https://attack.mitre.org/software/S9027 https://www.welivesecurity.com/en/eset-research/operation-akairyu-mirrorface-invites-europe-expo-2025-revives-anel-backdoor/https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html