HOMETHREATSFastLoader
APT / THREAT GROUP

FastLoader

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

FastLoader is a small .NET downloader, which name comes from PDB strings seen in samples. It typically downloads TrickBot. It may create a list of processes and uploads it together with screenshot(s). In more recent versions, it employs simple anti-analysis checks (VM detection) and comes with string obfuscations.

Threat Analysis

FastLoader is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

FastLoaderwin.fastloader

External Intelligence

Malpedia: win.fastloader

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
FastLoader — APT / Threat Group | Threat Intelligence | CTIWATCH.COM