Black & White Path
May 1, 2026 · Information Security
Rare‑Earth Bait: Technical Analysis of a Shellcode Loader
The 2025 Malware Hunter sample uses a password‑protected PDF about rare‑earth governance as bait. It then uses SecurityKey.exe to display the password, allocate RWX memory, run a PEB‑traversing, API‑hashing downloader shellcode, impersonate a REIA domain, and finally execute the payload via Windows fibers. Detailed detection recommendations are provided.
FNV-1a hash · fiber execution · information security
