
Malware analysis report on SparrowDoor malware

The NCSC malware analysis report on a variant of the SparrowDoor malware is available below, along with indicators of compromise, STIX and detection rules.

The report covers technical analysis of a variant of SparrowDoor reported by ESET in September 2021. The variant was found on a UK network in 2021 and contains additional functionality.

SparrowDoor is a persistent loader and backdoor which employs XOR encoding for the C2 channel underneath HTTPS. The additional functionality includes clipboard logging, AV detection, inline hooking of Windows API functions and token impersonation.
