ResourceDropper

PE64 resource dropper. FindResourceA+LoadResource+LockResource payload extraction from PE resource section. InternetOpenA+InternetOpenUrlA HTTP second-stage download. CryptGenRandom random filename for AV evasion. CreateProcessA payload execution.

Threat Profile
Type Loader
Programming LanguageC/C++
C2 ProtocolHTTP
First Seen2024
Targets Küresel
Purpose / Capabilities
  • PE Resource Dropper
No C2 servers have been identified for this family yet.

Research Reports (1)

Medium

ResourceDropper 9ef1cd4c -- FindResourceA LoadResource LockResource PE Gizli Kaynak Paylod, InternetOpenA InternetOpenUrlA HTTP Indirme, CryptAcquireContextA CryptGenRandom Rastgele Dosya Adi | Orta

ResourceDropper 9ef1cd4c PE32+ x64 141KB. FindResourceA+LoadResource+LockResource PE kaynak payload. InternetOpenA+InternetOpenUrlA HTTP indirme. CryptAcquireContextA+CryptGenRandom rastgele dosya adi. CreateProcessA.

Read Report →