Zero-Dwell Threat Intelligence Reports
Visual Basic Dropper Deploys Remote Modules and Modifies Autorun (.exe); tags: spreader
SFX-Based Dropper Executes NSudo Launcher and Performs Registry Recon (.exe); tags: overlay, detect-debug-environment
Trojanized WinRAR SFX with NSudo/NirCmd Tooling and Service-Tampering Calls (.exe); tags: overlay, detect-debug-environment
Qt5Network Imposter Executes Trojan Downloader and Beaconing (.dll); tags: signed, overlay, detect-debug-environment, invalid-signature
SFX Installer Uses PowerShell & CSC Staging to Deploy Encrypted Stealers (.exe); tags: overlay, calls-wmi, executes-dropped-file, persistence
NSIS/Runner Fetcher Beacons to rhussois.su and prebwle.su for Tasks (.exe); tags: long-sleeps, overlay, calls-wmi, executes-dropped-file
MSIL Androm/AgentTesla Variant Adds Startup VBS and Defender Exclusions (.exe); tags: 64bits, spreader, assembly
RedCap/DllHijacker Implant Exported as TSVIPSrv.dll for Sideloading (.dll); tags: 64bits, long-sleeps, detect-debug-environment
Fake Downloader Uses Schtasks/PowerShell to Achieve Autorun Persistence (.exe); tags: detect-debug-environment, spreader, persistence
StealC v2 Dropper Uses RC4 Traffic Key to Contact toxwebapp.com (.exe); tags: 64bits, spreader, checks-cpu-name, persistence
Win64 Shellcode Runner Exporting WMI APIs to Conceal Loader Activity (.dll); tags: 64bits, long-sleeps, detect-debug-environment
Lumma/Stealc Dropper Persists to Run Key and Fetches Encrypted Tasks (.exe); tags: 64bits, overlay, spreader