New Wave of SquidLoader Malware Targeting Financial Institutions
July 21, 2025, 12:59 p.m.
Description
A sophisticated malware campaign is targeting financial services in Hong Kong with SquidLoader, a highly evasive malware that deploys Cobalt Strike Beacon for remote access. The malware exhibits advanced anti-analysis, anti-sandbox, and anti-debugging techniques, achieving near-zero detection rates on VirusTotal. The attack chain is complex and poses a significant threat to targeted organizations. The analysis provides detailed technical insights into SquidLoader's features and indicators of compromise, including SHA256 hashes for samples found in Hong Kong, Singapore, China, and Australia. The campaign utilizes multiple command and control servers, primarily mimicking Kubernetes API endpoints.
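The C2 URLs listed in this record share one path that imitates the Kubernetes API (`/api/v1/namespaces/kube-system/services`), and one of them is plaintext HTTP on port 443. The following Python routine is an added example, not part of this record or of any vendor tooling: it scans constructed proxy log lines and flags a request if its destination is one of the listed addresses, if it carries the kube-system API path toward a host that is not a known cluster endpoint, or if it speaks plain HTTP to port 443. The log format, the `ALLOWLIST` of legitimate API servers and the sample hostnames and the 203.0.113.9 address are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# C2 addresses taken from the indicator list in this record.
C2_IPS = {
    "47.116.178.227", "39.107.156.136", "8.140.62.166",
    "38.55.194.34", "121.41.14.96",
}

# The C2 path mimics the Kubernetes API. A genuine API server is reached over
# HTTPS from cluster-aware hosts, so this path over plain HTTP from a
# workstation toward an arbitrary IP is the anomaly worth surfacing.
KUBE_API_PATH = re.compile(r"^/api/v1/namespaces/kube-system/services/?$")


def classify_request(url, allowlist=frozenset()):
    """Return the reasons a proxied request resembles SquidLoader C2 traffic.

    An empty list means nothing matched. `allowlist` holds hostnames of
    legitimate Kubernetes API servers (assumed, environment-specific).
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    port = parts.port or (443 if parts.scheme == "https" else 80)
    reasons = []
    if host in C2_IPS:
        reasons.append("known C2 address")
    if KUBE_API_PATH.match(parts.path) and host not in allowlist:
        reasons.append("kube-system API path on a host not in the allowlist")
    if parts.scheme == "http" and port == 443:
        # Seen in this record: http://47.116.178.227:443/... (plaintext on 443)
        reasons.append("plaintext HTTP on port 443")
    return reasons


def scan_proxy_log(lines, allowlist=frozenset()):
    """Scan 'timestamp src_host url' lines; return (line_no, url, reasons) hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines rather than crash the scan
        url = fields[2]
        reasons = classify_request(url, allowlist)
        if reasons:
            hits.append((n, url, reasons))
    return hits


# Constructed sample log lines (assumed format; not from the original report).
# 203.0.113.9 is a documentation-range address standing in for an unlisted C2.
SAMPLE_LOG = [
    "2025-07-21T09:00:01Z ws-fin-12 http://47.116.178.227:443/api/v1/namespaces/kube-system/services",
    "2025-07-21T09:00:05Z ws-fin-12 https://www.example.com/",
    "2025-07-21T09:01:10Z ws-fin-07 http://203.0.113.9/api/v1/namespaces/kube-system/services",
    "2025-07-21T09:02:00Z ci-runner-3 https://k8s-api.corp.example:6443/api/v1/namespaces/kube-system/services",
]

# Assumed legitimate cluster endpoint for this example environment.
ALLOWLIST = frozenset({"k8s-api.corp.example"})

if __name__ == "__main__":
    for line_no, url, reasons in scan_proxy_log(SAMPLE_LOG, ALLOWLIST):
        print(f"line {line_no}: {url} -> {', '.join(reasons)}")
```

The path rule is what carries the detection beyond the five listed addresses: a new C2 host using the same Kubernetes disguise is still caught, while the allowlist keeps traffic to the organisation's real API server quiet. Hash-based indicators from this record belong in an endpoint or mail-gateway blocklist rather than in this proxy-log check.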
Tags
Date
- Created: July 21, 2025, 12:03 p.m.
- Published: July 21, 2025, 12:03 p.m.
- Modified: July 21, 2025, 12:59 p.m.
Indicators
- bb0f370e11302ca2d7f01d64f0f45fbce4bac6fd5613d8d48df29a83d382d232
- b2811b3074eff16ec74afbeb675c85a9ec1f0befdbef8d541ac45640cacc0900
- a244bfcd82d4bc2de30fc1d58750875b638d8632adb11fe491de6289ff30d8e5
- 9dae4e219880f0e4de5bcba649fd0741e409c8a56b4f5bef059cdf3903b78ac2
- 6960c76b624b2ed9fc21546af98e1fa2169cd350f37f6ca85684127e9e74d89c
- 34d602d9674f26fa2a141c688f305da0eea2979969f42379265ee18589751493
- 2d371709a613ff8ec43f26270a29f14a0cb7191c84f67d49c81d0e044344cf6c
- 47.116.178.227
- 39.107.156.136
- 8.140.62.166
- 38.55.194.34
- 121.41.14.96
- http://8.140.62.166/api/v1/namespaces/kube-system/services
- http://47.116.178.227:443/api/v1/namespaces/kube-system/services
- http://47.116.178.227/api/v1/namespaces/kube-system/services
- http://39.107.156.136/api/v1/namespaces/kube-system/services
- http://121.41.14.96/api/v1/namespaces/kube-system/services
- http://38.55.194.34/api/v1/namespaces/kube-system/services
Additional Information
- Finance
- Hong Kong
- Singapore
- Australia
- China