Olymp Loader: A new Malware-as-a-Service written in Assembly

Sept. 29, 2025, 8:58 a.m.

Description

Olymp Loader is a recently emerged Malware-as-a-Service offering advertised on underground forums since June 2025. Developed by a team called OLYMPO, it's written in assembly language and marketed as fully undetectable. The loader executes other malware on victim systems and provides built-in stealer modules for browsers, Telegram, and crypto wallets. It enables rapid feature updates and fast adoption by cybercriminals. The malware has evolved from an initial botnet concept to focus on loader and crypter functionalities. Distribution methods include disguising as legitimate software and using other malware like Amadey as initial access. Post-infection payloads primarily include credential stealers and remote access tools.

External References

https://outpost24.com/blog/olymp-loader-a-new-malware-as-a-service/
https://otx.alienvault.com/pulse/68da3df06737479fcd9566b9
Tags
loader
lummac2
stealer
amadey
malware-as-a-service
telegram
evasion techniques
crypter
raccoon
underground forums
2025-09-29
qasarrat
webrat
olymp loader
assembly

Date

  • Created: Sept. 29, 2025, 8:06 a.m.
  • Published: Sept. 29, 2025, 8:06 a.m.
  • Modified: Sept. 29, 2025, 8:58 a.m.

Indicators

  • ee1e27a01b884099a614b8eee78cdb1dd02ffecd6ed9f6a54b7b567b9eab979f
  • d167a0c6fdba1175b67f10daf4be218b4d8adf2f81280ba5d1510228a4321bca
  • c465c1ac750e80ffb4020ec085528ca520b4fca587710ae1a5937bc88e5ad22c
  • 9d5d474791793300a273c5b6e522c7c3acd6fbb26c4da0421d4ef695c82f3fa5
  • 9464a2a1fb53b3a8c783ee4b55bba69cbb74a841f0d06f0cef86a93d607be5ae
  • 880461fa8d4187fe3ee5bb5fbbbb98b3973e778d8ef22638cd26aec98b1f971b
  • 7bc217f0ee12266d42812af436f494caf599c0705242457a581f64d4eb508904
  • 59b143fd884f8450cf5161954ebf38dbd9c951ecdb13de5e1f6aea01a9f92201
  • 561809b0c9c67b7d48712ab9e53cf5cc137b94d5a2d8bc65314a2db4c23df99d
  • 446c7b9ff49c7c0b8ae02b720054e4f09ef60475c92a5d7f2e2b2bdb4ca5de23
  • 14e4884288c1740d5a4b67ac83a890000c3b92f945139b2433bf9746acd14f9b
  • 048701ffc9b7ccfe4228bfaaa0b98a0518f02c6325c7f59365f863eccb65aa6d
  • 02eb774341d84b8c83b448186f3de8db139c52bea2376fec0ac88c7112186fd2
  • 01562cd36b61d517959fdbe5beaef9e1e9462be292c74a49b36a30057d09bc2c
  • https://jjf.life/OpenSSL/ZoomClientSetup.exe
  • https://classic-offensive.com/Installer.zip
  • http://jjf.life/OpenSSL/build.exe
  • http://fastdownloads.live/dl/putty.exe
  • olympl.top
Download all indicators here!

Attack Patterns

  • QasarRAT
  • WebRAT
  • Olymp Loader
  • Amadey - S1025
  • Raccoon
  • LummaC2
  • OLYMPO