According to Tony Lambert, this is a malware written in .NET. It was observed to be delivered using the .NET Single File deployment feature.
|2022-08-07 ⋅ forensicitguy ⋅ |
Analyzing .NET Core Single File Samples (DUCKTAIL Case Study)
|2022-07-26 ⋅ WithSecure ⋅ |
DUCKTAIL: An infostealer malware targeting Facebook Business accounts
There is no Yara-Signature yet.