APT / THREAT GROUP

lsassDumper

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

This malware, written in Go, is an LSASS process memory dumper that, according to Security Joes, was custom developed by threat actors. It can automatically exfiltrate the results to the free file transfer service "transfer.sh".

Threat Analysis

lsassDumper is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

win.lsassdumper, lsassDumper

External Intelligence

Malpedia: win.lsassdumper

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.