Executive Summary: This analysis represents the second instalment in a comprehensive examination of the KorPlug malware family. Previous reporting detailed the initial loading vector utilising DLL side-loading techniques against legitimate utilities to achieve code execution. The second-stage payload executes via a designated entry point function. Static analysis of the binary | RevEng.AI Blog
Executive Summary: In late May 2025, RevEng.AI identified a new sample of KorPlug (a.k.a. Hodur), a well-known Remote Access Trojan (RAT) frequently leveraged in targeted cyber-espionage campaigns, uploaded to a third-party file-scanning platform. This report is the first in a three-part series detailing a malware campaign involving | RevEng.AI Blog