IMAPLoader

Description

(PWC) IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads. It uses email as a C2 channel and is able to execute payloads extracted from email attachments and is executed via new service deployments.

Names

Name
IMAPLoader

Category

Malware

Type

• Reconnaissance
• Backdoor
• Downloader

Information

• https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html

Mitre Attack

• https://attack.mitre.org/software/S1152

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.imap_loader

Other Information

Uuid

5f8ee245-6943-4152-8f38-0c470d853b47

Last Card Change

2024-12-27