Exploring the D3F@ck Malware-as-a-Service Loader
Aug. 19, 2024, 1:24 p.m.
Description
This report analyzes D3F@ck Loader, a malware-as-a-service (MaaS) offering run by an individual using the alias Sergei Panteleevich. The loader relies on several evasion techniques: Extended Validation (EV) certificates, Inno Setup installers driven by custom Pascal scripts, and string obfuscation built from custom Base64 alphabets and Caesar ciphers. It delivers follow-on payloads including Raccoon Stealer, MetaStealer, SectopRAT and DanaBot. The developer also runs a separate traffic team that specializes in distributing stealers, and sells both EV certificates and the D3F@ck Loader itself.
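The obfuscation the description names (a Caesar-shifted string wrapped in Base64 over a non-standard alphabet) is easy to peel off once the alphabet and shift are known, and the shift can be brute-forced when only the alphabet is known. The script below is an added example, not code from the report or from the loader; the custom alphabet, the shift of 7 and the sample string are constructed for illustration and are not the values D3F@ck Loader actually uses.

```python
"""Layered string deobfuscation: Caesar shift inside custom-alphabet Base64.

Added example. CUSTOM_ALPHABET, the shift and the sample plaintext are
assumptions constructed for this demo, NOT recovered D3F@ck Loader values.
"""
import base64
import string

STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Assumed custom table: standard alphanumerics reversed, URL-safe tail.
CUSTOM_ALPHABET = STD_ALPHABET[:62][::-1] + "-_"


def custom_b64_decode(data: str, alphabet: str) -> bytes:
    """Map a custom 64-char alphabet back onto the standard one, re-pad, decode."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must be 64 distinct characters")
    body = data.translate(str.maketrans(alphabet, STD_ALPHABET)).rstrip("=")
    body += "=" * (-len(body) % 4)          # restore padding the sample may have dropped
    return base64.b64decode(body, validate=True)


def custom_b64_encode(raw: bytes, alphabet: str) -> str:
    """Inverse of custom_b64_decode, used here to build test samples."""
    std = base64.b64encode(raw).decode("ascii").rstrip("=")
    return std.translate(str.maketrans(STD_ALPHABET, alphabet))


def caesar(text: str, shift: int) -> str:
    """Rotate every printable ASCII char (0x20..0x7E) by `shift` within that 95-char ring.
    Non-printable characters pass through untouched."""
    out = []
    for ch in text:
        code = ord(ch)
        if 0x20 <= code <= 0x7E:
            out.append(chr((code - 0x20 + shift) % 95 + 0x20))
        else:
            out.append(ch)
    return "".join(out)


def obfuscate(plain: str, alphabet: str, shift: int) -> str:
    """Caesar first, then custom Base64 (the layering order assumed for this demo)."""
    return custom_b64_encode(caesar(plain, shift).encode("utf-8"), alphabet)


def deobfuscate(blob: str, alphabet: str, shift: int) -> str:
    """Undo obfuscate(): strip the Base64 layer, then reverse the Caesar shift."""
    return caesar(custom_b64_decode(blob, alphabet).decode("utf-8"), -shift)


def recover_unknown_shift(blob: str, alphabet: str, expected_prefix: str = "http"):
    """Alphabet known, shift unknown: try all 95 shifts and keep the one whose
    output starts with a plaintext we expect (e.g. a C2 URL). Returns (shift, text)
    or None if no shift produces the prefix."""
    inner = custom_b64_decode(blob, alphabet).decode("utf-8", errors="replace")
    for shift in range(95):
        candidate = caesar(inner, -shift)
        if candidate.startswith(expected_prefix):
            return shift, candidate
    return None


if __name__ == "__main__":
    # Sample plaintext: the URL indicator listed in this report, used only as demo input.
    sample_c2 = "http://www.havysoft.cl/"
    blob = obfuscate(sample_c2, CUSTOM_ALPHABET, 7)
    print("obfuscated :", blob)
    print("known shift:", deobfuscate(blob, CUSTOM_ALPHABET, 7))
    print("brute force:", recover_unknown_shift(blob, CUSTOM_ALPHABET))
```

In practice the alphabet is read straight out of the decoder routine in the unpacked sample (it is a 64-byte constant the translate loop indexes into), and the shift is either another constant or recovered with `recover_unknown_shift` by anchoring on a prefix the decrypted string must have. Guarding on exactly 64 distinct characters catches the common mistake of copying a truncated or duplicated table out of a disassembler.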
Date
Published: Aug. 19, 2024, 1:17 p.m.
Created: Aug. 19, 2024, 1:17 p.m.
Modified: Aug. 19, 2024, 1:24 p.m.
Indicators
ebfec71ad43d309e27812bc1f9f36e30264ae3b2420f187bb42191a925166fad
www.havysoft.cl
http://www.havysoft.cl/
jilinebyli.top
Attack Patterns
D3F@ck Loader
Raccoon Stealer
DanaBot
SectopRAT
MetaStealer
Sergei Panteleevich
T1102.001 (Web Service: Dead Drop Resolver)
T1189 (Drive-by Compromise)
T1562.001 (Impair Defenses: Disable or Modify Tools)
T1057 (Process Discovery)
T1204 (User Execution)
T1553 (Subvert Trust Controls)
CVE-2024-7593