CLFS Log Files Based Malware Family

Security researchers have disclosed details of a new malware family that uses the new Common Log File System (CLFS) to conceal second-stage malware in registry transaction files in order to evade detection.

The malware, discovered by FireEye's Advanced team, was named PRIVATELOG, and its installer STASHLOG. The identity and motivations of the threat actor behind it remain unknown.

Although the malware has not been observed in real-world attacks against customer environments or seen delivering any second-stage payloads, PRIVATELOG may still be in development, the product of research, or deployed as a component of highly targeted activity.

CLFS is a general-purpose logging subsystem in Windows, available to kernel-mode and user-mode programs such as database management systems, OLTP systems, messaging applications and network event management systems, for creating and sharing high-performance transaction logs.

PRIVATELOG and STASHLOG both include features that let the malware persist on compromised computers and evade identification, such as encrypted strings and data flow techniques specifically designed to complicate static analysis. PRIVATELOG itself is disguised as an obfuscated 64-bit DLL named "prntvpt.dll". It relies on a method known as DLL search order hijacking: the malicious library is loaded when a victim program, in this case one called "PrintNotify", calls for a library of that name.

Businesses should use the YARA rules to scan their internal networks for the malware and monitor endpoint detection and response (EDR) logs for the relevant indicators of compromise (IoCs).
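The search order hijack of "prntvpt.dll" described above is exactly the kind of event an EDR image-load log exposes. The following is an added example, not code from the article or the researchers, that runs a simple hijack check over constructed image-load records: any load of prntvpt.dll from outside System32, or of an unsigned copy, is flagged. The log layout, the expected directory and the sample events are assumptions made for this example.

```python
import csv
import ntpath
from dataclasses import dataclass
from typing import Iterable, List

# The DLL and process names come from the article; the expected directory,
# the log layout and the sample events are constructed for this example.
TARGET_DLL = "prntvpt.dll"
EXPECTED_DIR = r"c:\windows\system32"

@dataclass(frozen=True)
class ImageLoad:
    """One image-load event in a minimal EDR-style record (constructed schema)."""
    process: str      # name of the process that mapped the image
    image_path: str   # full path of the DLL that was loaded
    signed: bool      # whether the image carried a valid Authenticode signature

def parse_image_loads(lines: Iterable[str]) -> List[ImageLoad]:
    """Parse 'process,image_path,signed' lines, skipping blanks and '#' comments."""
    events = []
    for row in csv.reader(l for l in lines if l.strip() and not l.startswith("#")):
        process, image_path, signed = (field.strip() for field in row)
        events.append(ImageLoad(process, image_path, signed.lower() == "true"))
    return events

def is_suspicious_load(event: ImageLoad) -> bool:
    """A load of prntvpt.dll is suspicious when it comes from outside System32
    or is unsigned: either is what a search order hijack of this DLL produces."""
    if ntpath.basename(event.image_path).lower() != TARGET_DLL:
        return False
    directory = ntpath.normpath(ntpath.dirname(event.image_path)).lower()
    return directory != EXPECTED_DIR or not event.signed

def suspicious_loads(events: Iterable[ImageLoad]) -> List[ImageLoad]:
    """Return only the events that fail the check above."""
    return [e for e in events if is_suspicious_load(e)]

# Constructed sample telemetry: one benign load, one hijack-shaped load, one unrelated DLL.
SAMPLE_LOG = """\
# process,image_path,signed
PrintNotify,C:\\Windows\\System32\\prntvpt.dll,true
PrintNotify,C:\\ProgramData\\Spooler\\prntvpt.dll,false
notepad.exe,C:\\Windows\\System32\\kernel32.dll,true
"""

if __name__ == "__main__":
    for hit in suspicious_loads(parse_image_loads(SAMPLE_LOG.splitlines())):
        print(f"suspicious: {hit.process} loaded {hit.image_path} (signed={hit.signed})")
```

On a real host the same check would be fed from the EDR's image-load events rather than the constructed records, and a hash comparison against the known-good System32 copy adds a second signal.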
