LegionLoader, also known as Satacom, CurlyGate, and RobotDropper, is an active downloader that has been operating in the shadows and has gained significant traction in recent months, quietly amassing over 2,000 samples in just a matter of weeks. VirusTotal (VT) retro-hunting and live-hunting have allowed us to uncover an ongoing campaign using LegionLoader that appears to have kicked off on December 19, 2024.
Indicators of Compromise (134)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| YARA | a863df866b825f1862d3714714ec8882eb149266 | Legion Loader implementation of GetProcAddress | 2025-02-04 | |
| YARA | cd6eb7a014b5aa3c7ac9f26fc342094725951dea | The cryptographic diffuser of OBS.dll | 2025-02-04 | |