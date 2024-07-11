Eldorado crew advertises a locker and a loader, but what's unusual about this malware is that it does not use any previously published builder sources – such as the LockBit 3.0 ransomware that was leaked in September 2022, or the Babuk source code that was made public a year earlier.

Additionally, the Windows version uses a PowerShell command to overwrite the encryptor with random bytes before it deletes the file, which also helps remove any traces of the malware.