The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution

Threat Level
Attack Report

Summary

SoulSearcher is a second-stage loader that has been seen in the wild since October 2017. It is responsible for executing the Soul module payload and parsing its configuration. The samples found in the wild are all DLLs that follow a similar flow of operation but differ in the type and location of the configuration passed to the payload.