Malware
HanGhost
According to ANY.RUN, this is a multi-staged loader that uses in-memory loaded .NET assembly code to download a PNG, from which the payload to be delivered is extracted.
According to ANY.RUN, this is a multi-staged loader that uses in-memory loaded .NET assembly code to download a PNG, from which the payload to be delivered is extracted.
Family metadata imported from Malpedia (Fraunhofer FKIE).