The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution
Summary
SoulSearcher is a second-stage loader that has been seen in the wild since October 2017, and it is responsible for executing the Soul module payload and parsing its configuration. The samples found in the wild are all DLLs that follow a similar flow of operation, but with differences in the type and location of the configuration passed to the payload.