D3F@ck Loader, the New MaaS Loader

May 21, 2024, 9:07 p.m.

Description

In March 2024, eSentire's Threat Response Unit (TRU) observed multiple D3F@ck Loader infections delivered through Google Ads. The loader, first advertised on hacking forums in January 2024 (Figure 1), is marketed by its sellers as able to bypass several key protections, including the built-in download protections of Google Chrome and Edge, Windows Defender alerts, and SmartScreen.

Date

  • Created: May 21, 2024, 9:03 p.m.
  • Published: May 21, 2024, 9:03 p.m.
  • Modified: May 21, 2024, 9:07 p.m.

Indicators

  • 116.202.188.155
  • 194.147.35.251
  • https://pastebin.com/raw/ZmJsLQWU
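As an added example (not code from the report or from eSentire), the following Python script matches the indicators above against proxy-log lines. The squid-style log format and the log lines themselves are constructed for illustration; the IP regex is filtered through `ipaddress` so that timestamps and malformed octets do not produce false matches, and the Pastebin indicator is matched on host and exact path so that other pastes on the same host are not flagged.

```python
"""Hunt for the D3F@ck Loader indicators in web-proxy log lines.

Added example, not part of the original report. The log format (squid-style
access log) and the sample lines are assumptions made for illustration.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators taken from the report above
IOC_IPS = {"116.202.188.155", "194.147.35.251"}
IOC_URLS = {"https://pastebin.com/raw/ZmJsLQWU"}

# Derived from the URL indicator: compare host (case-insensitive) and exact
# path, so http:// fetches and mixed-case hosts still match but a different
# paste ID on pastebin.com does not.
IOC_URL_PATHS = {(urlsplit(u).hostname.lower(), urlsplit(u).path) for u in IOC_URLS}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"']+", re.IGNORECASE)


def url_matches(url):
    """True if the URL's host and path equal one of the URL indicators."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    host = (parts.hostname or "").lower()
    return (host, parts.path) in IOC_URL_PATHS


def scan_line(line):
    """Return unique (kind, indicator) hits found in a single log line."""
    hits = []
    for candidate in IPV4_RE.findall(line):
        try:
            ipaddress.ip_address(candidate)  # rejects octets > 255
        except ValueError:
            continue
        if candidate in IOC_IPS and ("ip", candidate) not in hits:
            hits.append(("ip", candidate))
    for url in URL_RE.findall(line):
        if url_matches(url) and ("url", url) not in hits:
            hits.append(("url", url))
    return hits


def scan_log(lines):
    """Scan an iterable of log lines; return one finding per hit."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for kind, value in scan_line(line):
            findings.append(
                {"line": lineno, "type": kind, "indicator": value, "raw": line.strip()}
            )
    return findings


# Constructed sample log (assumed squid access-log layout). The internal
# addresses, the /update.bin path and the non-IOC destination IPs are invented.
SAMPLE_PROXY_LOG = [
    "1716321600.123 45 10.0.0.12 TCP_MISS/200 2048 GET https://pastebin.com/raw/ZmJsLQWU - HIER_DIRECT/203.0.113.10 text/plain",
    "1716321601.456 12 10.0.0.12 TCP_MISS/200 512 GET http://116.202.188.155/update.bin - HIER_DIRECT/116.202.188.155 application/octet-stream",
    "1716321602.789 30 10.0.0.20 TCP_MISS/200 9000 GET https://www.example.com/ - HIER_DIRECT/198.51.100.5 text/html",
    "1716321603.000 5 10.0.0.21 TCP_MISS/200 100 GET https://pastebin.com/raw/AAAAAAAA - HIER_DIRECT/203.0.113.10 text/plain",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_PROXY_LOG):
        print(f"line {finding['line']}: {finding['type']} {finding['indicator']}")
        print(f"    {finding['raw']}")
```

Run against real logs by feeding `scan_log` the file's lines; lines 1 and 2 of the constructed sample produce hits, line 4 does not because only the exact paste path is an indicator.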

Attack Patterns

  • T1110 (Brute Force)
  • T1199 (Trusted Relationship)
  • T1055 (Process Injection)
  • T1553 (Subvert Trust Controls)
  • T1059 (Command and Scripting Interpreter)

Additional Information

  • Food
  • Construction
  • Retail
  • Healthcare
  • Legal
  • Education
  • Finance
  • Government
  • Manufacturing

Linked vulnerabilities