⚠️ New Stager Leading to RAT Deployment: Detect It Early
We caught #RUTSSTAGER, malware that stores a DLL in the Windows registry in hexadecimal form, hiding the payload and delaying detection. In the observed chain, the stager delivered #OrcusRAT, followed by a supporting binary that maintains persistence, uses PowerShell for system checks, and restarts the RAT process.

✅ In the #ANYRUN Sandbox, behavioral analysis and file system monitoring exposed the full execution chain. Process synchronization events revealed coordination between the stager and its payload, helping confirm multi-stage malware activity early.

👾 See the analysis session and collect #IOCs to speed up detection and response: https://app.any.run/tasks/b357aa61-29d5-4c7f-87f8-359281319a72/?utm_source=mastodon&utm_medium=post&utm_campaign=rutsstager&utm_term=050326&utm_content=linktoservice

🔍 Pivot from indicators and subscribe to Query Updates to proactively track evolving attacks: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rutsstager&utm_content=linktotilookup&utm_term=050326#%7B%2522query%2522:%2522registryName:%255C%2522%5Erutsdll32$%255C%2522%2522,%2522dateRange%2522:180%7D

👨‍💻 Learn how #ANYRUN Sandbox helps SOCs detect complex threats and contain incidents faster: https://any.run/features/?utm_source=mastodon&utm_medium=post&utm_campaign=rutsstager&utm_term=050326&utm_content=linktosandboxlanding

@anyrun_app What's the size of the reg-key? Detection of large reg-keys is a must imo
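As an added example (not ANY.RUN's code and not part of either post), a small Python detection routine for the registry-resident DLL technique described in the post and the size question raised in the reply: it decodes hex string values and checks for a PE image, and separately flags oversized values. The size threshold, the constructed sample values and the fake PE image are assumptions; the value name "rutsdll32" is taken from the Threat Intelligence lookup query in the post.

```python
import re
from typing import Optional

# Assumed threshold (not from the post): a legitimate REG_SZ value rarely
# exceeds a few KB, so anything this large deserves a look on its own.
LARGE_VALUE_CHARS = 16 * 1024
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")

def decode_hex_pe(data: str) -> Optional[bytes]:
    """Return decoded bytes if `data` is a hex string carrying a PE image:
    'MZ' DOS magic, then e_lfanew (offset 0x3C) must point at 'PE\\0\\0'."""
    if len(data) < 0x80 * 2 or len(data) % 2 or not HEX_RE.match(data):
        return None
    raw = bytes.fromhex(data)
    if raw[:2] != b"MZ":
        return None
    e_lfanew = int.from_bytes(raw[0x3C:0x40], "little")
    if e_lfanew + 4 <= len(raw) and raw[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return raw
    return None

def scan_values(values: dict, large_threshold: int = LARGE_VALUE_CHARS) -> list:
    """Return (value_name, size, reason) tuples: hex-encoded PE images are
    flagged at any size; other values only when they exceed the threshold."""
    findings = []
    for name, data in values.items():
        pe = decode_hex_pe(data)
        if pe is not None:
            findings.append((name, len(data), f"hex-encoded PE image ({len(pe)} bytes decoded)"))
        elif len(data) >= large_threshold:
            findings.append((name, len(data), "oversized string value"))
    return findings

def build_fake_pe(total: int = 4096) -> bytes:
    """Constructed stand-in for a DLL: MZ stub, e_lfanew -> 'PE\\0\\0' at 0x80."""
    img = bytearray(total)
    img[0:2] = b"MZ"
    img[0x3C:0x40] = (0x80).to_bytes(4, "little")
    img[0x80:0x84] = b"PE\0\0"
    return bytes(img)

# Constructed sample of registry string values. "rutsdll32" is the value name
# the post's Threat Intelligence lookup pivots on; the other two are invented.
SAMPLE_VALUES = {
    "rutsdll32": build_fake_pe().hex(),
    "InstallPath": r"C:\Program Files\Example",
    "BigBlob": "x" * 20000,
}
```

Note that the 4 KB fake image hex-encodes to 8192 characters, under the size threshold, so a size-only rule would miss it while the PE check catches it; a real scan would feed values read from the hive (for example via `winreg`) into `scan_values`.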