BLOODALCHEMY is an x86 backdoor written in C and found as shellcode injected into a signed benign process. It was discovered in our analysis and is part of the REF5961 intrusion set, which you can read about here.
BLOODALCHEMY requires a specific loader to be run because it isn’t reflective (it doesn’t have the capability to load and execute by itself).…