LittleDaemon

According to ESET Research, LittleDaemon is the first stage deployed on the victim’s machine through hijacked updates. It was observed in both DLL and executable versions, both of them 32-bit PEs. The main purpose of LittleDaemon is to communicate with the hijacking node to obtain the downloader that we call DaemonicLogistics. LittleDaemon does not establish persistence.

Family metadata imported from Malpedia (Fraunhofer FKIE).