SodaMaster (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-06 15:38:16 UTC
This is a RAT that is usually loaded with one or more shellcode and/or reflective DLL injection techniques. The
RAT uses RC4 or a hardcoded RSA key for traffic encryption/decryption. Its communication can either happen via
a raw TCP socket or a HTTP POST request. Depending on the version, the RAT may remotely execute DLLs or
shellcode.
[TLP:WHITE] win_sodamaster_auto (20241030 | Detects win.sodamaster.)
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.sodamaster
https://malpedia.caad.fkie.fraunhofer.de/details/win.sodamaster
Page 1 of 1