PSStager

PowerShell stager GARDEN.ps1. C2 domain locationPhysicians4230.Su on the .su ccTLD (the former Soviet Union country code). Embedded payload stored as an AES-encrypted, base64-encoded blob. Persistence via an HKLM Run key. Reverse shell configured with an 8192-byte socket buffer. Dead WinEvent code included as an anti-analysis measure.

Threat Profile
Type: Loader
Programming Language: PowerShell
C2 Protocol: HTTPS/TCP
First Seen: 2023
Targets: Global
Purpose / Capabilities:
  • Loader/Reverse Shell
No C2 servers have been identified for this family yet.

Research Reports (1)

Severity: High

PSStager GARDEN.ps1 -- locationPhysicians4230.Su (.su TLD) C2 Domain, AES-Encrypted Base64 Blob Embedded Payload, HKLM Run Key Persistence, Socket Buffer 8192 Reverse Shell Configuration, WinEvent Dead Code Anti-Analysis | High

PSStager GARDEN.ps1, a 1 MB PowerShell script. C2 domain locationPhysicians4230.Su on the .su TLD. Embedded payload as an AES-encrypted base64 blob. HKLM Run key persistence. Reverse shell with an 8192-byte socket buffer. WinEvent dead code as anti-analysis.