date 2023-10-28

The StripedFly malware framework was first discovered after Kaspersky found the platform's shellcode injected in the WININIT.EXE process, a legitimate Windows OS process that handles the initialization of various subsystems.

[...]

For persistence on Windows systems, StripedFly adjusts its behavior based on the privilege level it runs with and on whether PowerShell is present.

Without PowerShell, it generates a hidden file in the %APPDATA% directory. In cases where PowerShell is available, it executes scripts for creating scheduled tasks or modifying Windows Registry keys.
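As an added defender-side example (not code from the article or from Kaspersky's report), the following PowerShell triage script enumerates the three persistence locations described above: hidden files directly under %APPDATA%, Run/RunOnce registry values, and scheduled-task actions that reference %APPDATA%. It assumes local administrator rights on the host under review; the specific file, value and task names StripedFly uses are not given on the page, so the script lists candidates for analyst review rather than matching a known indicator.

```powershell
# Added triage example, not the article's own code. Assumption: run as a local
# administrator on the host under review. No StripedFly-specific names are known
# from the page, so this surfaces candidates in the three locations the text names.

$appData = [Environment]::GetFolderPath('ApplicationData')   # resolves %APPDATA%

# 1. Hidden files directly under %APPDATA% (the no-PowerShell fallback described above).
$hiddenFiles = Get-ChildItem -Path $appData -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
    Select-Object FullName, Length, LastWriteTime

# 2. Registry autorun values whose command points into %APPDATA%.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspectRunValues = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip registry-provider metadata properties
        $cmd = "$($p.Value)"
        if ($cmd -match [regex]::Escape($appData) -or $cmd -match '%APPDATA%') {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
        }
    }
}

# 3. Scheduled tasks with an action that executes something under %APPDATA%.
$suspectTasks = Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($a in $_.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"   # COM-handler actions have no Execute; they yield an empty string
        if ($cmd -match [regex]::Escape($appData) -or $cmd -match '%APPDATA%') {
            [pscustomobject]@{ TaskPath = $_.TaskPath; TaskName = $_.TaskName; Command = $cmd }
        }
    }
}

"== Hidden files in $appData =="
$hiddenFiles | Format-Table -AutoSize
"== Run/RunOnce values referencing APPDATA =="
$suspectRunValues | Format-Table -AutoSize
"== Scheduled tasks referencing APPDATA =="
$suspectTasks | Format-Table -AutoSize
```

Hits are leads, not verdicts: legitimate per-user installers also place binaries under %APPDATA% and register Run values or tasks, so compare each result against a known-good baseline before acting on it.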