StripedFly: Perennially flying under the radar
SecureList
OCTOBER 25, 2023
If PowerShell is not present, the malware generates a hidden file containing an MZ-PE loader, with a randomized name, in the %APPDATA% directory. If administrative rights are present, it executes a PowerShell script that creates two task scheduler entries with GUID-like names and with different triggers.
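A defender-side hunt for the persistence pattern described above, as an added example that is not taken from the Securelist report: it reads `schtasks /query /fo csv /v` output and flags GUID-like task names that share one action but differ in schedule type. The sample rows, the file paths and the shared-action heuristic are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# GUID-like leaf name, with or without surrounding braces.
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)

# Constructed sample: a subset of the columns printed by
# `schtasks /query /fo csv /v`. None of these values come from the report.
SAMPLE = r'''
"TaskName","Task To Run","Schedule Type"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","On demand only"
"\{0F3A9C1E-5B7D-4E2A-9C41-7A1D2E3F4B5C}","C:\Constructed\loader.exe","At logon time"
"\{9B2E4D6F-1A3C-4F5E-8D7B-6C5A4E3D2F1B}","C:\Constructed\loader.exe","Daily"
"\{11111111-2222-3333-4444-555555555555}","C:\Program Files\Vendor\updater.exe","Daily"
'''

def hunt_guid_task_pairs(csv_text):
    """Return [(action, [task names])] for GUID-named tasks that share an
    action but use different schedule types (assumed heuristic)."""
    by_action = defaultdict(dict)  # action -> {task name: schedule type}
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        if row["TaskName"] == "TaskName":
            continue  # schtasks repeats the header row between folders
        leaf = row["TaskName"].rsplit("\\", 1)[-1]
        if GUID_RE.match(leaf):
            action = row["Task To Run"].strip().lower()
            by_action[action][row["TaskName"]] = row["Schedule Type"].strip()
    findings = []
    for action, tasks in by_action.items():
        # Two or more GUID-named entries, same action, different triggers.
        if len(tasks) >= 2 and len(set(tasks.values())) >= 2:
            findings.append((action, sorted(tasks)))
    return findings

if __name__ == "__main__":
    for action, names in hunt_guid_task_pairs(SAMPLE):
        print(f"review: {action} launched by {', '.join(names)}")
```

GUID-like task names also occur in legitimate software, so a hit is a lead to review rather than a verdict.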