A new Go-based malware loader called CherryLoader has been discovered by threat hunters. Downloaded along with the RAR file is an executable (“main.exe”) that’s used to unpack and launch the Golang binary.
“CherryLoader is newly identified multi-stage downloader that leverages different encryption methods and other anti-analysis techniques in an attempt to detonate alternative, publicly available privilege escalation exploits without having to recompile any code,” the researchers concluded.