
SoulSearcher Malware

SoulSearcher is a critical-level threat actively used by a threat actor that has not yet been attributed. The group appears to be well resourced, which is often an indicator of state sponsorship. SoulSearcher itself is a second-stage component: its job is to fetch the final-stage payload modules and deliver them onto systems that have already been compromised.

According to the report that documented it, SoulSearcher and its associated framework of Soul malware modules date back to 2017. The early versions were built on open-source malware such as Gh0st RAT and NetBot. The operators soon demonstrated considerable expertise by reworking that borrowed code base, and under continuous development the tooling evolved rapidly and gained a much wider range of intrusive features. The SoulSearcher variants released since 2020 are described as especially intricate.

The SoulSearcher dropper also changed how it handles the payloads it fetches: instead of writing the modules to disk, it now stores them in the Windows Registry and loads them from there entirely in memory, so the final-stage code never sits on disk as a file for file-based scanners to find. Its capacity grew as well; the latest versions can load up to four different malicious modules from the Registry, compared with just one in the earlier variants.
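The registry-resident loading described above is the detail a defender can act on: a payload that never touches disk still has to live somewhere, and a module body stored as a registry value looks unlike ordinary configuration data. The following Python script is an added example, not code from the page, the report, or the malware itself. It parses a Windows .reg export (the format `reg export` and regedit produce), pulls out every REG_BINARY value, and flags values that are large, start with an MZ header, or have near-random entropy. The key path, value names and the sample blobs below are constructed for the demonstration and are not SoulSearcher indicators.

```python
"""Heuristic hunt for registry-resident payload modules in a .reg export.

Added example; the key names and sample data are constructed, not real
indicators for SoulSearcher or any other malware.
"""
import hashlib
import math
import re
from dataclasses import dataclass

MIN_SIZE = 4096          # bytes; a binary value this large rarely holds benign config
ENTROPY_THRESHOLD = 7.0  # bits per byte; encrypted or packed data sits near 8.0


@dataclass
class RegValue:
    key: str
    name: str
    data: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Matches '"Name"=hex:..' or '@=hex:..' (default value); hex(3) is also REG_BINARY.
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=hex(?:\(3\))?:(.*)$')


def parse_reg_export(text: str):
    """Yield a RegValue for every REG_BINARY value in a .reg export.

    regedit wraps long binary values with a trailing backslash and indents the
    continuation lines, so those are joined first. String and DWORD values are
    skipped because they cannot hold a module body.
    """
    joined = re.sub(r"\\\r?\n\s*", "", text)
    key = None
    for raw in joined.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        hex_fields = [h for h in m.group(2).split(",") if h.strip()]
        try:
            data = bytes(int(h, 16) for h in hex_fields)
        except ValueError:
            continue  # malformed value; skip it rather than abort the whole scan
        yield RegValue(key, name, data)


def find_suspicious(values, min_size=MIN_SIZE, entropy_threshold=ENTROPY_THRESHOLD):
    """Return (RegValue, reasons) pairs for values that look like stored payload modules."""
    hits = []
    for v in values:
        reasons = []
        if v.data[:2] == b"MZ":
            reasons.append("MZ header")          # unobfuscated PE image
        if len(v.data) >= min_size:
            reasons.append(f"size {len(v.data)} >= {min_size}")
        if len(v.data) >= 256 and shannon_entropy(v.data) >= entropy_threshold:
            reasons.append("high entropy")       # encrypted/packed blob
        if reasons:
            hits.append((v, reasons))
    return hits


# --- constructed sample input (hypothetical key, not real malware data) ---

def to_reg_hex(data: bytes, width: int = 25) -> str:
    """Format bytes the way regedit exports REG_BINARY values (wrapped with backslashes)."""
    fields = [f"{b:02x}" for b in data]
    rows = [",".join(fields[i:i + width]) for i in range(0, len(fields), width)]
    return ",\\\n  ".join(rows)


def pseudo_random(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted module."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])


SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[HKEY_CURRENT_USER\\Software\\ExampleVendor\\Settings]",        # hypothetical key
    '"WindowPos"=hex:00,00,00,00,10,00,00,00',                        # benign config blob
    '"Module0"=hex:' + to_reg_hex(b"MZ\x90\x00" + b"\x00" * 60),      # plain PE stub
    '"Module1"=hex(3):' + to_reg_hex(pseudo_random(4096)),            # encrypted-looking module
    '"Theme"=dword:00000001',
    "",
])

if __name__ == "__main__":
    for v, reasons in find_suspicious(parse_reg_export(SAMPLE_REG)):
        print(f"{v.key}\\{v.name}: {len(v.data)} bytes; {', '.join(reasons)}")
```

On a live host, `reg export HKCU hkcu.reg` (or an export of HKLM\SOFTWARE) produces the input; regedit writes these files as UTF-16, so open them with `encoding="utf-16"`. The MZ check only catches modules stored unencrypted, which is why the size and entropy tests matter: an actor that encrypts its modules before storing them defeats the header check but not the entropy one. A hit is a pivot point, not a verdict; the next step is to find the code that reads that value, since the loader has to be reachable from disk or from persistence for the in-memory modules to come back after a reboot.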

The researchers consider their current findings to be only the visible surface of the operation and fully expect the threat actor to possess a considerably larger toolkit.
