Exploring the D3F@ck Malware-as-a-Service Loader

216.73.216.6

Exploring the D3F@ck Malware-as-a-Service Loader

· Published 19/08/2024 13:17 · Modified 19/08/2024 13:24

Essential information

Published: 19/08/2024 13:17
Modified: 19/08/2024 13:24
Tags: 2024-08-19 certificates d3f@ck loader danabot loader malware metastealer obfuscation raccoon stealer sectoprat stealer
Related entities: 1 vulnerabilities (cve), 4 observables, 1 intrusion sets (apt), 6 techniques (mitre), 5 malware

Description

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal scripts, and code obfuscation methods like custom Base64 alphabets and Caesar ciphers. It delivers additional malware payloads like Raccoon Stealer, MetaStealer, SectopRAT, and DanaBot. The developer operates a separate traffic team specializing in distributing stealers and markets both EV certificates and the D3F@ck Loader itself.