SlipScreen (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.slip_screen (Back to overview)

SlipScreen

Actor(s): RomCom

According to Proofpoint, SlipScreen is a first stage loader and has variants written in Rust and in C++. Its crypter is updated for each campaign, making static detection difficult.

References

2025-06-30 ⋅ Proofpoint ⋅ David Galazin, Greg Lesnewich, Kelsey Merriman, Proofpoint Threat Research Team, Selena Larson
10 Things I Hate About Attribution: RomCom vs. TransferLoader
MeltingClaw RustyClaw ShadyHammock SlipScreen TransferLoader

There is no Yara-Signature yet.

SlipScreen Propose Change

References

SlipScreen