Shedding light on the ABYSSWORKER driver
ID: 8a8b3151-4a0e-54f1-99ce-6f3745360ef2
STIX ID: report--8a8b3151-4a0e-54f1-99ce-6f3745360ef2
Feed Name: Elastic Security Labs
This report provides an in-depth technical analysis of ABYSSWORKER, a malicious 64-bit Windows kernel driver (smuol.sys) signed with revoked or stolen certificates and used alongside a HEARTCRYPT-packed loader to disable EDR products ahead of MEDUSA ransomware deployment. It details the driver's initialization, its client-protection mechanism, the IOCTL command set used to disable defenses and manipulate files, processes and drivers, its API-loading mechanisms, and mitigation notes, and it includes YARA rules and observable hashes.
