FTPInjectorLoader

Generic FTP+HTTP dual-channel loader/injector, PE32 x86. Process injection via VirtualAllocEx + WriteProcessMemory. FTP payload download via FtpOpenFileW + FtpGetFileSize. HTTP C2 via HttpSendRequest. Payload encryption combines Windows CryptoAPI (CryptAcquireContextA + CryptCreateHash) with a XOR routine; since CryptCreateHash produces a digest rather than a cipher, the CryptoAPI calls most plausibly derive the XOR key rather than perform the encryption themselves. AdjustTokenPrivileges is called ahead of injection; this enables privileges the process token already holds (privilege enablement, not an escalation exploit). No cleartext C2 IOCs: C2 strings are stored encrypted.

Threat Profile
Type: Loader
Programming Language: C/C++
C2 Protocol: FTP/HTTP
First Seen: 2024
Targets: Global
Purpose / Capabilities:
  • Loader/Injector
No C2 servers have been identified for this family yet.
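As an added example (this is the editor's code, not code from the page, the tracker, or the linked report), the following walks a PE32 import table with the standard library only and maps the imports onto the capability combination described above: injection primitives, an FTP download channel, an HTTP channel, CryptoAPI hashing and token privilege adjustment. The PE builder, the import list and the capability names are constructed here so the block runs offline; they mirror the API names on this page and are not extracted from sample 00f01750.

```python
import struct

# Minimal PE32 import-table walker plus capability triage for the API mix this
# page attributes to FTPInjectorLoader. Standard library only (no pefile).

SECTION_RVA, SECTION_RAW = 0x1000, 0x200  # layout of the constructed sample below

# A capability matches only when every listed import is present (A/W suffix folded).
CAPABILITIES = {
    "process-injection": {"VirtualAllocEx", "WriteProcessMemory"},
    "ftp-download": {"FtpOpenFile", "FtpGetFileSize"},
    "http-c2": {"HttpSendRequest"},
    "cryptoapi-hashing": {"CryptAcquireContext", "CryptCreateHash"},
    "token-privilege-enable": {"AdjustTokenPrivileges"},
}


def normalize_api(name):
    """Fold ANSI/Unicode pairs (HttpSendRequestA/W -> HttpSendRequest); ordinals pass through."""
    return name[:-1] if len(name) > 2 and name[-1] in "AW" and name[-2].islower() else name


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def _rva_to_off(rva, sections):
    for vsize, va, rsize, raw in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} lies in no section")


def parse_imports(data):
    """Walk the PE32 import directory and return {dll: [function, ...]}."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt = struct.unpack_from("<H", data, pe + 6)[0], pe + 24
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here (the page's sample is PE32 x86)")
    # Section table entries: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    imp_rva = struct.unpack_from("<I", data, opt + 104)[0]  # data directory[1] = imports
    result = {}
    if ndirs < 2 or imp_rva == 0:
        return result
    off = _rva_to_off(imp_rva, sections)
    while True:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:  # null descriptor terminates the table
            break
        funcs, thunk = [], _rva_to_off(ilt or iat, sections)
        while (entry := struct.unpack_from("<I", data, thunk)[0]) != 0:
            if entry & 0x80000000:
                funcs.append(f"#{entry & 0xFFFF}")  # import by ordinal
            else:
                funcs.append(_cstr(data, _rva_to_off(entry, sections) + 2))  # skip 2-byte hint
            thunk += 4
        result[_cstr(data, _rva_to_off(name_rva, sections)).lower()] = funcs
        off += 20
    return result


def triage(imports):
    """Tag capabilities; FTP + HTTP channels plus injection is this page's loader profile."""
    seen = {normalize_api(f) for funcs in imports.values() for f in funcs}
    caps = [c for c, need in CAPABILITIES.items() if need <= seen]
    dual = "ftp-download" in caps and "http-c2" in caps
    return {"capabilities": caps, "dual_channel": dual,
            "verdict": "FTPInjectorLoader-like" if dual and "process-injection" in caps else "no match"}


def build_sample_pe(imports):
    """Constructed sample: a bare PE32 whose single section holds only an import directory."""
    n, sec, descs = len(imports), bytearray(20 * (len(imports) + 1)), []
    for dll, funcs in imports.items():
        name_rva = SECTION_RVA + len(sec)
        sec += dll.encode() + b"\0"
        hints = []
        for f in funcs:
            sec += b"\0" * (len(sec) % 2)  # hint/name entries are word aligned
            hints.append(SECTION_RVA + len(sec))
            sec += b"\0\0" + f.encode() + b"\0"  # 2-byte hint, then the name
        sec += b"\0" * (-len(sec) % 4)
        thunks = b"".join(struct.pack("<I", h) for h in hints) + b"\0" * 4
        ilt, iat = SECTION_RVA + len(sec), SECTION_RVA + len(sec) + len(thunks)
        sec += thunks * 2  # ILT followed by an identical (unbound) IAT
        descs.append((ilt, name_rva, iat))
    for i, (ilt, name, iat) in enumerate(descs):
        struct.pack_into("<IIIII", sec, 20 * i, ilt, 0, 0, name, iat)
    raw = -(-len(sec) // SECTION_RAW) * SECTION_RAW
    dos = bytearray(b"MZ").ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, SECTION_RVA, 20 * (n + 1))   # import directory
    sect = struct.pack("<8sIIIIIIHHI", b".idata\0\0", len(sec), SECTION_RVA, raw, SECTION_RAW, 0, 0, 0, 0, 0xC0000040)
    return bytes((dos + coff + opt + sect).ljust(SECTION_RAW, b"\0") + sec.ljust(raw, b"\0"))


# Constructed import set mirroring the API names on this page (not extracted from the sample).
SAMPLE_IMPORTS = {
    "kernel32.dll": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory"],
    "wininet.dll": ["InternetOpenA", "FtpOpenFileW", "FtpGetFileSize", "HttpSendRequestA"],
    "advapi32.dll": ["CryptAcquireContextA", "CryptCreateHash", "AdjustTokenPrivileges"],
}
SAMPLE_PE = build_sample_pe(SAMPLE_IMPORTS)

if __name__ == "__main__":
    print(triage(parse_imports(SAMPLE_PE)))
```

Static import triage only sees what the import table declares: a loader that resolves these APIs at run time through GetProcAddress, or a packed build, shows an empty or unrelated table, so treat a "no match" as inconclusive and confirm with a sandbox API trace before closing the case.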

Research Reports (1)

Medium

FTPInjectorLoader 00f01750 -- VirtualAllocEx WriteProcessMemory Process Injection, FtpOpenFileW, HTTP HttpSendRequest, XOR, CryptAcquireContextA, AdjustTokenPrivileges

FTPInjectorLoader 00f01750: PE32 GUI x86, 1.4 MB. VirtualAllocEx + WriteProcessMemory process injection. FtpOpenFileW + FtpGetFileSize FTP channel. HttpSendRequest HTTP channel. XOR + CryptAcquireContextA.