One of the most exciting aspects of malware analysis is coming across a family that is new or rare to the reversing community. Determining what the malware does, who created it, and why becomes a mystery to solve. The previously unseen dropper variant that FortiGuard Labs researchers recently found, named MidgeDropper, has a complex infection chain that includes code obfuscation and DLL sideloading, making it an interesting case study.
Although FortiGuard Labs researchers couldn’t obtain the final payload, this blog will still explore what makes this dropper tick.
Source: FortiGuard Labs