jml7c5 an hour ago

According to the vx-underground Twitter account, this is just Regin (which was first described in 2014): https://x.com/vxunderground/status/1995309917805179141

https://en.wikipedia.org/wiki/Regin_(malware)

ashleyn 31 minutes ago | parent | next [-]

Well at the very least he confirmed Regin continues to circulate.

unsnap_biceps 16 minutes ago | parent [-]

He hasn't actually confirmed that the image he's processing is recent or if it was a test image and by "I found", he means he was able to find the thing that was known to be there. The Twitter thread has some people asking for clarification and none have been received yet.

bri3d an hour ago | parent | prev [-]

I’m not even convinced the audiod thing is Regin; whatever is going on is way less sophisticated even based on what the OP posted from volatility. I don’t think the hash they gave vx-underground is even from the sample from the original screenshots.

I think this person is just karma/clout farming badly and the screenshots are of some even more basic RAT.