Skip to content
MalwareWiki

Loader

CASTLELOADER

CastleLoader payloads are distributed as portable executables containing an embedded shellcode, which then invokes the main module of the loader that, in turn, connects to the C2 server in order to fe

CASTLELOADER is a Windows loader.

Background

CastleLoader is delivered as portable executables that carry embedded shellcode. The shellcode calls the loader's main module, which then reaches out to the C2 server to retrieve and run the next-stage payload.

Source: Malpedia (Fraunhofer FKIE).