EdgeAutoUpdater
A fileless loader disguised as an Edge update that deploys rootkits and ransomware.
AuRAT
AuRAT is a stealthy C++ backdoor featuring API hashing, AES-128-encrypted C2 traffic, and process injection into svchost.exe.
Gamaredon
Technical analysis of a **Gamaredon** HTA dropper. The malware executes a multi-stage infection chain (HTA -> VBS -> PowerShell) that abuses legitimate tunneling services (Microsoft Dev Tunnels, Cloudflare) to evade detection and exfiltrate system data.
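The two observables the summary gives for this dropper, the mshta -> wscript -> powershell process chain and egress to a tunneling service, can be correlated from endpoint telemetry. The following is an added illustration, not code from the original write-up or the analysed sample: the event layout, the constructed events, and the tunnel domain suffixes (`devtunnels.ms` for Microsoft Dev Tunnels, `trycloudflare.com` for Cloudflare quick tunnels) are assumptions for the example.

```python
"""Correlate an HTA -> VBS -> PowerShell ancestry with DNS queries to tunneling
services. Added example; event formats and domain suffixes are assumptions."""

# Assumed domain suffixes for the two tunneling services named in the analysis.
TUNNEL_DOMAINS = ("devtunnels.ms", "trycloudflare.com")

# Images that make up the infection chain, in execution order.
CHAIN = ("mshta.exe", "wscript.exe", "powershell.exe")

# Constructed process-creation events: (pid, ppid, image). Not real telemetry.
PROCESS_EVENTS = [
    (100, 1, "explorer.exe"),
    (200, 100, "mshta.exe"),
    (300, 200, "wscript.exe"),
    (400, 300, "powershell.exe"),
    (500, 100, "powershell.exe"),  # benign: launched directly from explorer
]

# Constructed DNS events: (pid, queried name). Not real telemetry.
DNS_EVENTS = [
    (400, "abc123-8080.euw.devtunnels.ms"),
    (500, "www.microsoft.com"),
    (600, "files-quiet-lamp.trycloudflare.com"),  # no process record for 600
]


def build_parents(events):
    """Map pid -> (ppid, lower-cased image) for ancestry walks."""
    return {pid: (ppid, image.lower()) for pid, ppid, image in events}


def ancestry(pid, parents):
    """Image chain from the oldest known ancestor down to pid (cycle-safe)."""
    chain, seen = [], set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        ppid, image = parents[pid]
        chain.append(image)
        pid = ppid
    chain.reverse()
    return chain


def has_hta_chain(chain):
    """True if mshta, wscript and powershell occur in that order (gaps allowed)."""
    idx = 0
    for image in chain:
        if idx < len(CHAIN) and image == CHAIN[idx]:
            idx += 1
    return idx == len(CHAIN)


def hta_chain_pids(process_events):
    """Pids whose ancestry matches the HTA -> VBS -> PowerShell chain."""
    parents = build_parents(process_events)
    return {pid for pid in parents if has_hta_chain(ancestry(pid, parents))}


def is_tunnel_domain(name):
    """Exact or subdomain match against the assumed tunnel suffixes."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in TUNNEL_DOMAINS)


def tunnel_egress(dns_events):
    """(pid, name) pairs that resolve a tunneling-service host."""
    return [(pid, name) for pid, name in dns_events if is_tunnel_domain(name)]


def correlate(process_events, dns_events):
    """High confidence when the tunnel lookup comes from the scripted chain,
    medium when only the egress indicator is present."""
    chain_pids = hta_chain_pids(process_events)
    findings = []
    for pid, name in tunnel_egress(dns_events):
        confidence = "high" if pid in chain_pids else "medium"
        findings.append({"pid": pid, "domain": name, "confidence": confidence})
    return findings


if __name__ == "__main__":
    for finding in correlate(PROCESS_EVENTS, DNS_EVENTS):
        print(finding)
```

The ancestry match allows gaps so that an intermediate cmd.exe or conhost.exe does not break the chain; the suffix match is anchored on a dot so that a look-alike such as `devtunnels.ms.example` does not trigger.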
HolyCat
A deep dive into the HolyCat ransomware, a Rust binary that encrypts user files and appends the .HC extension. The analysis uncovers its reliance on Discord for key exfiltration and dissects the cryptographic routine that renders victim data unrecoverable.
The Payload
This report provides a technical analysis of a multi-stage Windows network worm designed to propagate laterally across local area networks. The malware's architecture is centered on the `OLE/COM` subsystem, leveraging functions exported by **ole32.dll** to orchestrate its later stages. Its primary objective is widespread infection of the `192.168.1.0/24` subnet by abusing open Server Message Block (SMB) shares.
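A worm sweeping a /24 for open SMB shares produces one distinctive network signal: a single source fanning out to many in-subnet peers on TCP/445 in a short window, which a file server or a user mapping one share never does. The block below is an added example of that check over flow records, not code from the report or the analysed sample; the record layout, the constructed flows, the threshold and the window are assumptions.

```python
"""Flag hosts fanning out to many peers on TCP/445 inside 192.168.1.0/24, the
propagation pattern described for the worm. Added example; record layout,
threshold and window are assumptions."""
import ipaddress
from collections import defaultdict

SUBNET = ipaddress.ip_network("192.168.1.0/24")
SMB_PORT = 445
FANOUT_THRESHOLD = 5  # assumed: distinct in-subnet targets within one window
WINDOW_SECONDS = 60   # assumed sliding-window length

# Constructed flow records: (epoch seconds, src, dst, dst_port). Not real telemetry.
FLOWS = [
    (1000, "192.168.1.10", "192.168.1.1", 445),
    (1001, "192.168.1.10", "192.168.1.2", 445),
    (1002, "192.168.1.10", "192.168.1.3", 445),
    (1003, "192.168.1.10", "192.168.1.4", 445),
    (1004, "192.168.1.10", "192.168.1.5", 445),
    (1005, "192.168.1.10", "192.168.1.6", 445),
    (1010, "192.168.1.20", "192.168.1.50", 445),  # normal: one file server
    (1011, "192.168.1.20", "192.168.1.50", 445),
    (1012, "192.168.1.20", "10.0.0.7", 443),      # outside subnet, not SMB
]


def smb_fanout(flows, subnet=SUBNET, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: sorted distinct targets} for every source that reaches at
    least `threshold` distinct in-subnet hosts on 445 within `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port != SMB_PORT:
            continue
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in subnet and d in subnet and s != d:
            by_src[src].append((ts, dst))

    hits = {}
    for src, events in by_src.items():
        events.sort()  # chronological, so every later event has ts >= t0
        for i, (t0, _) in enumerate(events):
            in_window = {dst for ts, dst in events[i:] if ts - t0 <= window}
            if len(in_window) >= threshold:
                hits[src] = sorted(in_window, key=ipaddress.ip_address)
                break
    return hits


def coverage(targets, subnet=SUBNET):
    """Fraction of the subnet's usable addresses a source has already touched,
    useful for ranking which infected host to isolate first."""
    return len(targets) / max(subnet.num_addresses - 2, 1)


if __name__ == "__main__":
    for src, targets in smb_fanout(FLOWS).items():
        print(f"{src}: {len(targets)} SMB targets, {coverage(targets):.1%} of subnet")
```

The window is evaluated from each event forward, so a slow sweep that spreads six connections over an hour stays below threshold while a burst inside a minute is flagged; tune both values against a baseline of the environment's own file-server traffic before alerting on them.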