Moonrise is a sophisticated, Go-based (Golang) malware designed for of infected Windows systems. It is frequently distributed via ZIP archives masquerading as legitimate software, cracks, or driver updates. Key Technical Findings
ZIP files are a preferred delivery method for attackers because they can bundle multiple malicious components that remain dormant until unzipped and executed. Why ZIP Uploads are Dangerous - Cloudmersive APIs Why ZIP Uploads are Dangerous - Cloudmersive APIs
: At the time of its initial discovery, Moonrise was largely undetected by traditional Antivirus (AV) solutions on platforms like VirusTotal because it uses unencrypted WebSocket (ws://) channels for command-and-control (C2) and lacks heavy obfuscation that might trigger signature-based alerts. Executive Summary : The malware enables attackers to
: Once executed, it can modify the Windows Registry to ensure it restarts automatically with the computer, often masquerading as a system process like svchost.exe . Risk Assessment of the ZIP Archive Moonrise is a sophisticated
The file identified as (often associated with strings like "李映йњÐ") is linked to a highly dangerous Remote Access Trojan (RAT) known as Moonrise , which was widely documented by security researchers in early 2026. Executive Summary
: The malware enables attackers to execute remote commands, capture screens, monitor microphones/webcams, log keystrokes, and harvest credentials from browsers and clipboards.