SYMBOL | COMMON_NAME | aka. SYNONYMS
win.count_loader

CountLoader


According to Silent Push, this malware exists in multiple versions, including .NET, PowerShell, and JScript. They believe it is part of an initial access broker (IAB) toolset or is used by an affiliate with ties to the LockBit, BlackBasta, and Qilin ransomware groups. CountLoader was also recently used in a PDF-based phishing lure targeting individuals in Ukraine, in a campaign that impersonated the Ukrainian police.

References
2025-09-18 | Silent Push | Silent Push
CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions
CountLoader

There is no Yara-Signature yet.