Today, one of the techniques most widely used by attackers is Fileless Malware. Fileless Malware refers to malware that does not rely on a dedicated code file or binary written to disk in order to execute: the malicious content belonging to the attacker's malware is never executed from the disk.
Fileless Malware can take many forms; in this article we look at the history of this technique and why it is so popular among hackers.
What Is Fileless Malware?
The Fileless technique is actually a combination of older techniques. Still, it is very popular among hackers today because traditional security systems either do not detect it or find it hard to detect. This technique was used by the Poweliks malware in 2014, which caused a lot of noise because its whole design was Fileless: it left no trace of itself on the disk, running only in memory and writing its values to the Registry.
How does Fileless Malware work?
For example, when a system is infected with ordinary malware, the malware runs its malicious code or binary from the disk, and a suspicious, unknown code file or binary present on the system can make a lot of noise, that is, it can be detected. The Fileless technique removes this step from the disk in several ways. For example, instead of using dedicated code to carry out the attack on the target system, the attacker uses legitimate software already running on the system; one piece of software that can be used for this purpose is PowerShell.
What are the Fileless Malware Techniques?
Note that Fileless Malware still requires initial access to the system; the attack is then carried out with tools and platforms pre-installed on the target system. Fileless Malware techniques come in several different modes, including:
- Exploit Kits
- Registry Resident Malware
- Memory-Only
- Stolen Credentials
Introduction of Fileless Malware Techniques
Exploit Kits Technique
Exploit Kits are collections of different exploits used to identify vulnerabilities on a system by trying the exploits they contain. Once a vulnerability is found, the kit may launch a Fileless Malware attack.
Registry Resident Malware Technique
This technique works by writing malicious code into the Windows system registry. Consider how a Dropper works: once it is installed on the target system, a Dropper starts downloading and installing malicious code or software on that system. When the Dropper does this, security equipment can identify it more easily. Now look at the normal Dropper mode from a different angle: instead of downloading and placing malicious code or software on the system, the Dropper writes code directly into the System Registry! This process is often used to implement Persistence techniques.
Memory-Only Malware Technique
Note that the Memory-only technique is, as its name implies, implemented entirely at the memory level. An example of this technique is the Duqu malware, which comes in two versions. The first version of Duqu is used to implement a backdoor, and the second version is used to implement advanced techniques such as Exfiltration and Lateral Movement.
Stolen Credentials Technique
Note that this technique is done by stealing sensitive data (credentials) from an account. The attacker then uses tools such as WMI and PowerShell, which are present by default on the system and are the most widely used toolkit for implementing Fileless Malware.
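The registry-resident technique above and the PowerShell/WMI tooling mentioned here leave one common trace a defender can check: autostart registry values that launch a script host instead of a normal executable. The following Python script is an added example, not code from the original article; it parses a constructed `reg export` of a Run key (the sample text and its placeholder values are made up for this example) and flags entries that look like script-hosted or living-off-the-land launchers. The indicator list is a hypothetical heuristic, not an exhaustive signature set.

```python
import re

# Constructed sample in the shape of a `reg export` of an HKCU Run key (not from a real system).
# Entries: a benign EXE, an encoded hidden PowerShell launch, an inline-script host, and a WMI call.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="powershell.exe -NoP -W Hidden -enc <BASE64_PLACEHOLDER>"
"Helper"="mshta.exe javascript:<INLINE_SCRIPT_PLACEHOLDER>"
"Inventory"="wmic.exe /node:localhost os get caption"
'''

# One `"Name"="value"` line; values may contain \" and \\ escapes as written by reg export.
ENTRY_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"\s*$')

# Hypothetical heuristics for script-hosted or living-off-the-land launchers in an autostart value.
INDICATORS = [
    (re.compile(r'\bpowershell(?:\.exe)?\b.*\s-(?:enc|encodedcommand|ec|e)\b', re.I), 'PowerShell encoded command'),
    (re.compile(r'\bpowershell(?:\.exe)?\b.*\s-(?:w|windowstyle)\s+hidden\b', re.I), 'PowerShell hidden window'),
    (re.compile(r'\b(?:mshta|wscript|cscript|rundll32|regsvr32)(?:\.exe)?\b.*\b(?:javascript|vbscript)\s*:', re.I), 'script host running inline script'),
    (re.compile(r'\bwmic(?:\.exe)?\b', re.I), 'WMI command-line client in an autostart key'),
]

def parse_run_entries(reg_export: str, key_suffix: str = r'\CurrentVersion\Run') -> dict:
    r"""Return {value name: command line} for every entry under a ...\CurrentVersion\Run key."""
    entries, in_run_key = {}, False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith('['):                       # a new key header starts a new section
            in_run_key = line.rstrip(']').endswith(key_suffix)
            continue
        m = ENTRY_RE.match(line)
        if in_run_key and m:
            entries[m.group(1)] = re.sub(r'\\(["\\])', r'\1', m.group(2))  # undo .reg escaping
    return entries

def flag_fileless_indicators(entries: dict) -> dict:
    """Return {value name: [reasons]} for entries that match at least one indicator."""
    findings = {}
    for name, command in entries.items():
        reasons = [label for rx, label in INDICATORS if rx.search(command)]
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == '__main__':
    for name, reasons in flag_fileless_indicators(parse_run_entries(SAMPLE_REG_EXPORT)).items():
        print(f'{name}: {", ".join(reasons)}')
```

On a real host the same functions can be pointed at the output of `reg export` for the HKLM and HKCU Run and RunOnce keys; a flagged entry is a lead for investigation, not proof of infection.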