Dropper

Also known as: Malware dropper, Installer dropper

Definition

Malware whose role is to install ("drop") another malicious payload onto a target system, often after evading initial detection.

A dropper is a delivery component that carries one or more embedded payloads inside its own body and writes them to disk or memory once executed. Unlike a downloader, it does not need to contact the internet for the next stage. Droppers often arrive as macro documents, ISO/IMG containers, signed installers, or trojanized utilities. They commonly include anti-analysis checks, decoy content, persistence setup and process-injection routines before launching the final malware (info-stealer, ransomware, RAT). Defences include email and web filtering, attachment sandboxing, application allow-listing, EDR with behaviour-based detection, and disabling auto-execution of macros and ISO mounting.
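A defender-side triage check for the trait described above (the payload travels inside the carrier instead of being fetched), added here as an example that is not part of the original glossary entry: it scans a file's bytes for Windows PE headers at non-zero offsets. It assumes the embedded payload is stored unencoded, so encrypted or compressed payloads will not match; `find_embedded_pe` and the sample bytes are constructed for illustration.

```python
import struct

def _pe_at(data: bytes, off: int) -> bool:
    """True if a plausible PE image header starts at `off`."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    # e_lfanew points from the MZ header to the "PE\0\0" signature.
    if not 0x40 <= e_lfanew <= 0x1000:
        return False
    sig = off + e_lfanew
    return data[sig:sig + 4] == b"PE\x00\x00"

def find_embedded_pe(data: bytes) -> list[int]:
    """Offsets of PE headers found inside `data`, excluding offset 0."""
    hits, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        if _pe_at(data, pos):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def _stub_pe_header() -> bytes:
    """Constructed, non-executable header stub used only as sample input."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

# Constructed samples: a carrier with one stub embedded after decoy bytes,
# and a benign blob that merely contains the letters "MZ".
CARRIER = b"%DECOY-DOCUMENT%" * 8 + _stub_pe_header() + b"trailer"
BENIGN = b"report for MZ region, no payload here" + bytes(128)

if __name__ == "__main__":
    print("carrier:", [hex(o) for o in find_embedded_pe(CARRIER)])
    print("benign: ", find_embedded_pe(BENIGN))
```

A hit is a reason to send the file to sandboxing or deeper analysis, not a verdict: legitimate installers and self-extracting archives also embed executables.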

Examples

  • Emotet maldocs dropping Trickbot or Cobalt Strike on infected hosts.
  • ISO/LNK droppers used by Qakbot to bypass Mark-of-the-Web.

Related terms