ps1.eugenloader

EugenLoader

aka: FakeBat, NUMOZYLOD, PaykLoader

Actor(s): APOTHECARY SPIDER, Storm-1113


A loader written in PowerShell, usually delivered packaged in MSI/MSIX files.

References
2024-08-13 | Google | Google
Finding Malware: Unveiling NUMOZYLOD with Google Security Operations
EugenLoader, UNC4536

2024-07-02 | Sekoia | Quentin Bourgue
Exposing FakeBat loader: distribution methods and adversary infrastructure
BlackCat, Royal Ransom, EugenLoader, Carbanak, Cobalt Strike, DICELOADER, Gozi, IcedID, Lumma Stealer, NetSupportManager RAT, Pikabot, RedLine Stealer, SectopRAT, Sliver, SmokeLoader, Vidar

2023-12-30 | Rewterz Information Security | Rewterz Information Security
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs
EugenLoader, POWERTRASH, BATLOADER, DarkGate, FlawedGrace, NetSupportManager RAT, SectopRAT, Storm-0506

2023-12-12 | eSentire | Rob Pittman
Unraveling BatLoader and FakeBat
EugenLoader

2023-02-28 | Intel 471 | Intel 471
Malvertising Surges to Distribute Malware
EugenLoader, BATLOADER, IcedID

There is no YARA signature yet.