win.ssload

SSLoad

Actor(s): TA578


SSLoad is a Rust-based downloader first observed in January 2024 and used to deliver secondary payloads. Early versions used a first-stage DLL that contacted a Telegram channel named 'SSLoad' to retrieve a further download URL. From that URL it fetched a compressed PE file over HTTP, sending a hardcoded User-Agent (SSLoad/1.x) and Content-Type header, then decompressed the file and executed it directly in memory. The malware has since been updated several times, including changes to its command-and-control (C2) communication and to the supporting executables that load it. Recent versions omit the first-stage DLL and load SSLoad directly on the victim's machine.
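The hardcoded User-Agent of the early first-stage downloader is the one network indicator the entry gives, and it is easy to check against proxy telemetry. The following is an added example, not code from Malpedia or from any of the reports listed below: it assumes web-proxy access logs in Apache "combined" format (an assumption, adapt the parser to your proxy's format) and runs over a handful of constructed log lines. Because later versions changed their C2 communication, a clean result from this check does not clear a host; it only covers the SSLoad/1.x download stage.

```python
import re
from typing import Dict, List, Optional

# Constructed sample proxy access log in Apache "combined" format (not real
# telemetry). Line 3 carries the bare "SSLoad/1.x" User-Agent of the early
# first-stage downloader; line 4 is a later version string, and line 5 only
# embeds the token inside a browser-style UA.
SAMPLE_LOG = """\
10.0.0.12 - - [14/Mar/2024:10:01:07 +0000] "GET /update/check HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.0.34 - - [14/Mar/2024:10:01:09 +0000] "GET /api/v1/status HTTP/1.1" 200 88 "-" "curl/8.4.0"
10.0.0.57 - - [14/Mar/2024:10:02:41 +0000] "GET /files/payload.bin HTTP/1.1" 200 204800 "-" "SSLoad/1.1"
10.0.0.57 - - [14/Mar/2024:10:02:55 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "SSLoad/2.0"
10.0.0.90 - - [14/Mar/2024:10:03:02 +0000] "POST /contact HTTP/1.1" 200 300 "-" "Mozilla/5.0 SSLoad/1.1 compatible"
"""

# Apache combined log format: client ident user [ts] "method path proto" status size "referer" "ua"
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Match the whole UA string: the early loader sent a bare "SSLoad/1.<minor>",
# so a UA that merely contains the token is not the same indicator (it is
# reported separately as a weaker hit below).
SSLOAD_UA_EXACT = re.compile(r'^SSLoad/1\.\d+$')
SSLOAD_UA_LOOSE = re.compile(r'SSLoad/\d+\.\d+')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def find_ssload_downloads(log_text: str) -> List[Dict[str, str]]:
    """Return records whose User-Agent is exactly the early SSLoad/1.x value."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and SSLOAD_UA_EXACT.match(rec["ua"]):
            hits.append({k: rec[k] for k in ("client", "ts", "path", "size", "ua")})
    return hits


def find_ssload_like_ua(log_text: str) -> List[Dict[str, str]]:
    """Weaker sweep: any UA containing an SSLoad/<major>.<minor> token.

    Catches later version strings and embedded tokens; expect more noise, so
    triage these rather than alerting on them directly.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and SSLOAD_UA_LOOSE.search(rec["ua"]):
            hits.append({k: rec[k] for k in ("client", "ts", "path", "size", "ua")})
    return hits


if __name__ == "__main__":
    for h in find_ssload_downloads(SAMPLE_LOG):
        print(f"SSLoad/1.x download: {h['client']} {h['ts']} {h['path']} ({h['size']} bytes)")
    for h in find_ssload_like_ua(SAMPLE_LOG):
        print(f"SSLoad-like UA (triage): {h['client']} {h['ua']}")
```

The exact-match function is the one to alert on; a successful GET of a large body with that User-Agent is the compressed PE stage described above, and the client address tells you which host to pull for memory forensics, since the payload never touched disk.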

References
2024-04-24 | Securonix | Den Iyzvyk, Oleg Kolesnikov, Tim Peck
Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover
Families: Cobalt Strike, SSLoad

2024-04-16 | Palo Alto Networks: Unit42 | Palo Alto Networks: Unit42
ContactForms campaign pushing SSLoad malware
Families: SSLoad

2024-04-11 | Palo Alto Networks: Unit42 | Palo Alto Networks: Unit42
Contact Forms Campaign Pushes SSLoad Malware
Families: SSLoad

2024-01-09 | Anonymous
SSLoad
Families: SSLoad

There is no YARA signature for this family yet.