The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution

Threat Level – Amber | Vulnerability Report

SoulSearcher is a second-stage loader that has been seen in the wild since October 2017, and it is responsible for executing the Soul module payload and parsing its configuration. The samples found in the wild are all DLLs that follow a similar flow of operation, but with differences in the type and location of the configuration passed to the payload.
