MASQLOADER

Description

(Trend Micro) The first observed loading method used to execute COBEACON payloads is via MASQLOADER, a DLL side-loaded loader. This loader component decrypts its payload using a substitution cipher, where the encrypted payload contains 1-3 character strings that has a hex value equivalent based on MASQLOADER’s substitution table.

Names

Name
MASQLOADER

Type

Loader

Information

https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html

Other Information

Uuid

0b20666a-9fc2-48e9-b52d-96645879c137

Last Card Change

2025-04-21

Threat Intelligence Garden

Explorer

MASQLOADER

MASQLOADER

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks