Peaklight: illuminating the shadows

Intel Name: Peaklight: illuminating the shadows

Date of Scan: January 22, 2025

Impact: Medium

Summary:
“PEAKLIGHT: Illuminating the Shadows” refers to a PowerShell-based downloader, first identified by Mandiant, that facilitates the delivery of infostealers through malware-as-a-service. The infection begins with a Microsoft Shortcut File (LNK) that connects to a CDN, which serves a JavaScript dropper. This dropper ultimately runs a PowerShell script that delivers various payloads, including LummaC2, HijackLoader, and CryptBot. The name “PEAKLIGHT” symbolizes the malware’s ability to expose and deploy malicious activity in a covert manner.
