ProcessHollowingLoader

Process hollowing .NET loader. Developer OPSEC fail: PDB path "cool project lol" on D:\Users\virtual\Desktop\Malware\. NtUnmapViewOfSection + SetThreadContext injection. Loader.dll + LoaderBootstrap.dll chain. Version 26.4.4.799.

Threat Profile
Type: Loader
Programming Language: C#/.NET
C2 Protocol: Local
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • Process Hollowing/Loader
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

ProcessHollowingLoader cool_project_lol -- D:\Users\virtual\Malware\projects\cool project lol PDB OPSEC Failure, NtUnmapViewOfSection SetThreadContext Process Hollowing, Benign GUI Resource MZ Injection Debug Evidence, LoaderBootstrap.dll Payload Loading Chain | Critical

ProcessHollowingLoader 2eac9624 PE32+ x64 1.5MB. D:\Users\virtual\Malware\projects\cool project lol PDB OPSEC failure. NtUnmapViewOfSection SetThreadContext process hollowing. Benign GUI resource MZ injection debug evidence. LoaderBootstrap.dll chain.
