win.castleloader

CASTLELOADER


CastleLoader payloads are distributed as portable executables (PE) containing embedded shellcode. The shellcode invokes the loader's main module, which in turn connects to the C2 server to fetch and execute the next-stage malware.

References
2025-07-23 · Catalyst · Catalyst
Understanding Current CastleLoader Campaigns
Tagged family: CASTLELOADER

There is no Yara-Signature yet.