win.unidentified_120

Unidentified 120

According to Deutsche Telekom CERT, this malware unpacks an obfuscated, multi-stage shellcode payload. After unpacking, a password prompt is displayed to the user. The password is provided to the victim and used to decrypt the final stage payload.

2025-02-14, Twitter (@DTCERT), Deutsche Telekom CERT
Twitter Thread on a password-protected loader observed in a vishing campaign
Unidentified 120

There is no YARA signature yet.