MALWARE FAMILY

SSLoad

Internal ID: win.ssload
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

SSLoad is a Rust-based downloader that first emerged in January 2024 and is used to deliver secondary payloads. Early versions of the malware used a first-stage DLL that connected to a Telegram channel named 'SSLoad' to retrieve another URL. It then downloaded a compressed PE file using a hardcoded User-Agent (SSLoad/1.x) and Content-Type over HTTP. The downloaded file was then decompressed and executed directly in memory. The malware has since undergone several updates, including changes to the command-and-control (C2) communication and the supporting executables that load the malware. Recent versions of the malware bypass the first-stage DLL by loading SSLoad directly onto the victim's machine.

Threat Analysis

SSLoad is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

External References

Quick Facts

TypeMalware Family
Aliases1

Also Known As

win.ssload

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
SSLoad — Malware Family | Threat Intelligence | CTIWATCH.COM