CurlHelperDLL
Unique C2 communication DLL embedded in libcurl 8.18.0. User-Agent: CurlHelper/1.0 (Windows). Bearer token authentication. TbcString C++ class. Chinese developer environment signatures (CSDN, Baidu). RC4+AES-128+RSA encryption. Future timestamp.
Threat Profile
Type: Backdoor
Programming Language: C++
C2 Protocol: HTTP/HTTPS
First Seen: 2024
Targets
Global
Purpose / Capabilities
- HTTP C2 Communication DLL
No C2 servers have been identified for this family yet.
Research Reports (1)
CurlHelperDLL 5129d1d2 -- libcurl-8-18-0 User-Agent-CurlHelper-1-0-Windows Bearer-token auth=Bearer TbcString Dll6-dll csdnimg-cn baidu-com CALG-RC4 CALG-AES-128 future-timestamp | Medium
CurlHelperDLL 5129d1d2 PE32 DLL 647KB, libcurl 8.18.0 embedded. User-Agent: CurlHelper/1.0. Bearer token auth. Dll6.dll TbcString C++. China: csdnimg.cn + baidu.com test URL. RC4+AES-128+RSA. Future timestamp.