TrojanDropper:Win32/SplitLoader.A!dha
Aliases: No associated aliases
Summary
TrojanDropper:Win32/SplitLoader.A!dha is a trojan loader: its job is to get past security controls and stage a secondary payload such as ransomware, spyware, or a remote access trojan (RAT). SplitLoader arrives inside weaponized software bundles, for example fake utilities or pirated applications, and relies on social engineering to get the user to run it. Its small operational footprint helps it evade conventional antivirus tools.
The !dha suffix is one of the suffixes Microsoft uses in detection names; it is part of the detection name, not a description of the sample's techniques, and should not be read as the name of an analysis method. Once running, the loader establishes a persistent foothold for follow-on activity, which can lead to data exfiltration, operational disruption, and wider network compromise. Business impact includes downtime costs, regulatory penalties after a data breach, and onward infection of partners and customers through the supply chain.
- Disconnect infected devices from the network, including the internet, to stop lateral movement and data exfiltration. Do this before password resets or cleanup so the attacker cannot observe or react to them.
- Reset all user and administrator passwords and audit Active Directory for anomalous logons (unusual source addresses, off-hours activity, or accounts used across many hosts).
- Restore files from offline backups. Avoid cloud-synchronised backups until disinfection is complete, since synced copies may already include the dropper's files.
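The following PowerShell script is an added example for the response steps above; it is not part of the Microsoft encyclopedia entry. It implements the "audit Active Directory for anomalous logons" step as a filter over Security event 4624 records (network and RDP logons from addresses outside assumed corporate ranges, logons outside an assumed business-hours window, and accounts seen on more than an assumed number of hosts), and wraps the isolation and password-reset steps in functions that support -WhatIf. The trusted address prefixes, hours, thresholds, and the sample event records at the bottom are all assumptions constructed for offline testing; the function names are the example's own.

```powershell
# Added example (not from the Microsoft encyclopedia entry). Triage helpers for the
# response steps above. Sample events at the bottom are CONSTRUCTED for offline use;
# ConvertFrom-SecurityEvent shows how to feed real Security-log events instead.
#Requires -Version 5.1

# Normalise a real Security event 4624 into the flat shape Find-AnomalousLogon expects.
function ConvertFrom-SecurityEvent {
    param([Parameter(ValueFromPipeline)] [System.Diagnostics.Eventing.Reader.EventRecord] $Event)
    process {
        $xml = [xml]$Event.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            TimeCreated     = $Event.TimeCreated
            TargetUserName  = $d['TargetUserName']
            LogonType       = [int]$d['LogonType']
            IpAddress       = $d['IpAddress']
            WorkstationName = $d['WorkstationName']
        }
    }
}

# Flag network (type 3) and RDP (type 10) logons from outside the trusted ranges,
# logons outside business hours, and accounts used from unusually many hosts.
function Find-AnomalousLogon {
    param(
        [Parameter(Mandatory)] [object[]] $Logon,
        [string[]] $TrustedPrefix = @('10.0.', '192.168.'),  # ASSUMED corporate ranges; prefix match, not CIDR
        [int] $BusinessStart = 7,                            # ASSUMED business-hours window (local time)
        [int] $BusinessEnd = 19,
        [int] $MaxHostsPerAccount = 3                        # ASSUMED threshold for "seen on too many hosts"
    )
    # Count distinct workstations per account across the whole batch.
    $hostsPerUser = @{}
    foreach ($l in $Logon) {
        if (-not $hostsPerUser.ContainsKey($l.TargetUserName)) { $hostsPerUser[$l.TargetUserName] = @{} }
        $hostsPerUser[$l.TargetUserName][$l.WorkstationName] = $true
    }
    foreach ($l in $Logon) {
        if ($l.TargetUserName -like '*$') { continue }     # skip machine accounts
        $reasons = @()
        $remote  = $l.LogonType -in 3, 10
        $trusted = $false
        foreach ($p in $TrustedPrefix) { if ($l.IpAddress -like "$p*") { $trusted = $true } }
        if ($remote -and $l.IpAddress -notin '-', '127.0.0.1', '::1' -and -not $trusted) {
            $reasons += "remote logon from untrusted address $($l.IpAddress)"
        }
        $h = $l.TimeCreated.Hour
        if ($h -lt $BusinessStart -or $h -ge $BusinessEnd) {
            $reasons += "outside business hours ($($l.TimeCreated.ToString('HH:mm')))"
        }
        $n = $hostsPerUser[$l.TargetUserName].Count
        if ($n -gt $MaxHostsPerAccount) { $reasons += "account seen on $n hosts" }
        if ($reasons) {
            [pscustomobject]@{ Time = $l.TimeCreated; User = $l.TargetUserName; Host = $l.WorkstationName
                               Source = $l.IpAddress; Type = $l.LogonType; Reason = ($reasons -join '; ') }
        }
    }
}

# Containment: disable every active adapter on this host. Run with -WhatIf to rehearse.
function Invoke-HostIsolation {
    [CmdletBinding(SupportsShouldProcess)] param()
    foreach ($a in Get-NetAdapter | Where-Object Status -eq 'Up') {
        if ($PSCmdlet.ShouldProcess($a.Name, 'Disable network adapter')) {
            Disable-NetAdapter -Name $a.Name -Confirm:$false
        }
    }
}

# Credential reset for flagged accounts (needs the ActiveDirectory module and rights on the domain).
function Reset-FlaggedAccount {
    [CmdletBinding(SupportsShouldProcess)] param([Parameter(Mandatory)] [string[]] $SamAccountName)
    foreach ($u in $SamAccountName) {
        if ($PSCmdlet.ShouldProcess($u, 'Reset password and require change at next logon')) {
            Set-ADAccountPassword -Identity $u -Reset -NewPassword (Read-Host "New password for $u" -AsSecureString)
            Set-ADUser -Identity $u -ChangePasswordAtLogon $true
        }
    }
}

# --- CONSTRUCTED sample data, not real telemetry ---
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-06 09:12'; TargetUserName = 'jdoe';       LogonType = 2;  IpAddress = '-';             WorkstationName = 'WS01' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-06 10:05'; TargetUserName = 'jdoe';       LogonType = 3;  IpAddress = '10.0.4.21';     WorkstationName = 'FS01' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-06 02:47'; TargetUserName = 'svc_backup'; LogonType = 10; IpAddress = '203.0.113.45';  WorkstationName = 'DC01' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-06 03:01'; TargetUserName = 'svc_backup'; LogonType = 3;  IpAddress = '10.0.4.21';     WorkstationName = 'WS01' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-06 03:02'; TargetUserName = 'svc_backup'; LogonType = 3;  IpAddress = '10.0.4.21';     WorkstationName = 'WS02' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-06 03:03'; TargetUserName = 'svc_backup'; LogonType = 3;  IpAddress = '10.0.4.21';     WorkstationName = 'WS03' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-06 11:30'; TargetUserName = 'WS01$';      LogonType = 3;  IpAddress = '10.0.4.21';     WorkstationName = 'DC01' }
)
Find-AnomalousLogon -Logon $sample | Format-Table -AutoSize

# Live use against the last 7 days of the local Security log:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-7) } |
#       ConvertFrom-SecurityEvent | Find-AnomalousLogon | Format-Table -AutoSize
# Then, in this order: Invoke-HostIsolation -WhatIf ; Invoke-HostIsolation ; Reset-FlaggedAccount -SamAccountName svc_backup
```

With the sample data, the jdoe rows pass, the WS01$ machine account is skipped, and every svc_backup row is flagged: the first for an RDP logon from an untrusted address outside business hours, and all four because the account appears on four hosts. Run the live pipeline on the domain controllers as well as the infected host, since the 4624 events for network logons land on the machine that was logged on to, not on the source.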
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.