Malware

GEARSHIFT

According to FireEye, GEARSHIFT is a memory-only dropper for two keylogger DLLs.

GEARSHIFT is a Windows malware family operated by APT41.

Background

FireEye describes GEARSHIFT as a memory-only dropper that deploys two keylogger DLLs and is built to supplant a legitimate Fax Service DLL.


Source: Malpedia (Fraunhofer FKIE).