win.kugelblitz

KugelBlitz

Actor(s): HAZY TIGER


According to Threatray, KugelBlitz is a shellcode loader discovered in late 2024. It loads shellcode into memory from a file specified via command line. If no file is specified, it defaults to run.bin.

References
2025-06-04, Threatray, Abdallah Elshinbary, Jonas Wagner, Konstantin Klinger, Nick Attfield
The Bitter End: Unraveling Eight Years of Espionage Antics – Part Two
AlmondRAT AlmondRAT Artra Downloader BDarkRAT Havoc KiwiStealer KugelBlitz MiyaRAT ORPCBackdoor WmRAT ZxxZ

There is no Yara-Signature yet.