win.leslieloader

Leslieloader

Leslieloader is a loader written in Golang, named after the observed AES decryption key, which references the deceased actor Leslie Cheung. The loader assists in the initial infection and deployment of the malicious payload, enabling its execution on a system. It achieves this by decoding and decrypting a secondary payload binary and then injecting it into another process.

References

- 2025-09-24 | The Hacker News | Ravie Lakshmanan
  Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
  Tags: Cobalt Strike, Leslieloader, Pantegana, SparkRAT, Storm-2077
- 2024-03-13 | Kroll | Marc Messer
  LESLIELOADER – Undocumented Loader Observed
  Tags: Leslieloader

There is no YARA signature yet.