What is Payload?

The part of malware or an exploit that performs the malicious action.

After an exploit gains execution, the payload does the real work — opening a reverse shell, dropping ransomware, or establishing C2. Payloads are often encoded or obfuscated to evade detection.

Metasploit and similar frameworks ship modular payloads.