216.73.216.169

Inside Shanya, a packer-as-a-service fueling modern attacks

· Published 07/12/2025 14:07 · Modified 21/12/2025 18:41

Export JSON

Essential information

Published
07/12/2025 14:07
Modified
21/12/2025 18:41
Tags
2025-12-07 akira bumblebee castlerat chuchuka crypter crytox dll sideloading edr killer evasion lumma medusa packer-as-a-service qilin ransomware stealc wht downloader
Related entities
7 vulnerabilities (cve), 5 observables, 1 intrusion sets (apt), 7 techniques (mitre), 10 malware, 7 others

Description

The Shanya is a new offering gaining popularity among groups. It features advanced capabilities like non-standard module loading, unique stubs for each customer, AMSI bypass, anti-VM measures, and runtime protection. Early samples contained revealing artifacts, but later versions became more sophisticated. The packer has been used to deliver various malware families including an and . It employs techniques like API hashing, anti-analysis checks, and to evade detection. The variant targets numerous security products and has been used in operations by groups like , , and . A case study of distribution using Shanya to target hotels is also presented.

External references