FTPInjectorLoader
Generic FTP+HTTP dual-channel loader/injector, PE32 x86. Uses VirtualAllocEx + WriteProcessMemory for process injection, FtpOpenFileW + FtpGetFileSize for FTP payload download, HttpSendRequest for HTTP C2, CryptAcquireContextA + CryptCreateHash + XOR for payload encryption, and AdjustTokenPrivileges for privilege escalation. No cleartext C2 IOCs (the C2 data is encrypted).
Threat Profile
Type: Loader
Programming Language: C/C++
C2 Protocol: FTP/HTTP
First Seen: 2024
Targets: Global
Purpose / Capabilities
- Loader/Injector
No C2 servers have been identified for this family yet.
Research Reports (1)
FTPInjectorLoader 00f01750 -- VirtualAllocEx WriteProcessMemory Process Injection FtpOpenFileW HTTP InternetSendRequest XOR CryptAcquireContextA AdjustTokenPrivileges | Medium
FTPInjectorLoader 00f01750, PE32 GUI x86, 1.4 MB. VirtualAllocEx + WriteProcessMemory process injection. FtpOpenFileW + FtpGetFileSize FTP channel. HttpSendRequest HTTP channel. XOR + CryptAcquireContextA.