It is known to inject malicious code into legitimate Windows processes like svchost.exe to operate stealthily in memory.
It modifies registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run and Winlogon to ensure it restarts every time the computer boots.

Forensic Indicators (IOCs) Soft.exe
Nuclear Exploit Kit (EK), cracked software, or malicious torrents

File encryption (Ransomware) or theft of crypto-wallet data

Detection: High malicious score (100/100) in automated analysis

Threat Roundup for August 12 to August 19
It has been documented as a downloader for Locky ransomware and has appeared in campaigns involving the RagnarLocker threat group.
According to analysis from Joe Sandbox and Hybrid Analysis, typical indicators include: E4272FB1E61D3D995EEA488931E815AF. File Paths: Often found in %TEMP% or on the %DESKTOP%.