Technical Analysis: Killer Ultra Malware Targeting…
ID: 77847c33-747c-51b3-92a8-d7e8cd2089d4
STIX ID: report--77847c33-747c-51b3-92a8-d7e8cd2089d4
Feed Name: Binary Defense Blog
ARC Labs analyzed "Killer Ultra," a malware component used in Qilin ransomware operations. It disables endpoint security by unpacking and installing a vulnerable Zemana AntiLogger driver (CVE-2024-1853) to terminate AV/EDR processes. It also clears Windows Event Logs, establishes persistence via scheduled tasks, and contains inactive code for downloading and executing post-exploitation tools. ARC Labs provides detection queries and a sample hash.
