Hey malware hunting friends! It’s Triage Thursday, and we’re here to spotlight the newest and sneakiest malware families out there.
Have you noticed any fresh threats this week? We have some new updates to share that will make defense much easier!
Feel free to share your thoughts and feedback with us at any time. Let’s check out the latest threats and explore our detection and extraction to effectively hunt them down!
New Families This Week
- Added detection for MaksRAT Java-based infostealer, Windows stealer
  - MaksRAT Analysis
- Added detection for Poseidon family, Linux backdoor
  - Poseidon Analysis
- Added detection for SmartAssembly, Windows .NET packer
Updates for Existing Families
- Updated detection and extraction for Darkcloud v3.2
  - Darkcloud Analysis
- Updated detection and extraction for SvcStealer and its PyInstaller version family
  - SvcStealer Analysis
- Updated detection for Rhadamanthys stealer to detect its payload
- Updated detection for .NET Reactor, Windows .NET packer
- Updated detection for WSHRAT, Windows stealer
  - WSHRAT Analysis
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
You can find us directly through the website, or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.