We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win64/Shaolaod
Aliases: No associated aliases
Summary
Trojan:Win64/Shaolaod is a modular payload loader observed in the same malvertising campaign as Behavior:Win32/Eldorado. After the initial GitHub-delivered malware establishes a foothold, Shaolaod is responsible for deploying and running additional malicious payloads. These payloads often include information stealers (such as Lumma Stealer or Doenerium) and NetSupport remote access tools.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
