Matanbuchus Loader: A New Malware-as-a-Service

Unit 42 researchers have identified a threat actor named BelialDemon, who is a member of several underground forums and is offering Malware-as-a-Service (MaaS). In February, the actor had advertised a new MaaS named Matanbuchus Loader, charging a basic rental price of $2,500.

What has happened?

Researchers from Unit 42 have discovered multiple organizations, such as large universities and high schools in the U.S., along with high-tech organizations in Belgium, being targeted by Matanbuchus.

  • BelialDemon is involved in the development of malware loaders and is considered the main developer of a loader, TriumphLoader. The threat actor has experience with selling such threats.
  • In the posts on the underground forum, the attacker was particularly looking to recruit three people as part of its MaaS offering.
  • The sample of Matanbuchus led to the discovery of a file in the wild, ddg[.]dll, that is actively dropped via hxxp://idea-secure-login[.]com and then saved locally as hcRlCTg[.]dll.

About Matanbuchus

The BelialDemon operators follow a biblical theme in their naming: both the word Belial and the loader's name, Matanbuchus, stem from the Ascension of Isaiah.

  • Matanbuchus MaaS can launch an EXE or DLL file in memory, leverage schtasks.exe to add or modify task schedules, and launch custom PowerShell commands, among other capabilities.
  • Attackers use a Microsoft Excel document as the initial vector to drop the Matanbuchus Loader DLL. When the Excel document is opened, it asks users to enable macros to view the content.
  • The main goal of the dropped DLL is to deliver the main Matanbuchus DLL. Before doing so, however, it makes a number of API calls usually observed in anti-debugging and anti-virtualization checks.
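The chain described above (Excel macro, dropped DLL, schtasks.exe, PowerShell) lends itself to a simple process-lineage check. The following is an added example, not code from Unit 42 or Cyware: it assumes Sysmon-style process-creation events with parent image, child image and command line, and the sample events, user names and paths are constructed (only the file name hcRlCTg.dll comes from the write-up).

```python
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    parent: str   # parent process image path
    image: str    # child process image path
    cmdline: str  # child command line

OFFICE = {"excel.exe"}
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\users\\public\\|\\programdata\\", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return a detection label for one event, or None when it looks benign."""
    parent, image, cmd = basename(ev.parent), basename(ev.image), ev.cmdline.lower()
    # Excel launching a DLL host on a DLL that sits in a user-writable directory
    if parent in OFFICE and image in DLL_HOSTS and ".dll" in cmd and USER_WRITABLE.search(cmd):
        return "office-spawned-dll-host"
    # DLL host (or Excel) creating or changing a scheduled task
    if image == "schtasks.exe" and parent in OFFICE | DLL_HOSTS and re.search(r"/(create|change)\b", cmd):
        return "loader-schtasks-persistence"
    # DLL host (or Excel) launching PowerShell
    if image == "powershell.exe" and parent in OFFICE | DLL_HOSTS:
        return "loader-powershell"
    return None

def scan(events):
    return [(i, label) for i, ev in enumerate(events) if (label := classify(ev))]

# Constructed sample telemetry, not taken from the article; paths are hypothetical.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
RUNDLL = r"C:\Windows\System32\rundll32.exe"
SAMPLE = [
    ProcEvent(r"C:\Windows\explorer.exe", EXCEL, "EXCEL.EXE invoice.xlsm"),
    ProcEvent(EXCEL, RUNDLL, r"rundll32.exe C:\Users\alice\AppData\Local\Temp\hcRlCTg.dll,Start"),
    ProcEvent(RUNDLL, r"C:\Windows\System32\schtasks.exe", r'schtasks.exe /Create /SC MINUTE /MO 30 /TN Updater /TR "rundll32.exe C:\Users\alice\AppData\Local\Temp\hcRlCTg.dll,Start"'),
    ProcEvent(RUNDLL, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe -NoProfile -WindowStyle Hidden -Command <redacted>"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\schtasks.exe", "schtasks.exe /Query"),
    ProcEvent(EXCEL, RUNDLL, r"rundll32.exe shell32.dll,Control_RunDLL"),  # benign: system DLL, no user path
]

if __name__ == "__main__":
    for idx, label in scan(SAMPLE):
        print(idx, label, SAMPLE[idx].cmdline)
```

Each label maps to one stage of the chain, so a host that raises all three in sequence is a stronger signal than any single hit.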

Conclusion

At present, the malware loader is available for purchase on underground marketplaces. To protect against such threats, experts therefore recommend using genuine threat intelligence solutions to strengthen organizations' defenses.

Source: https://cyware.com/news/matanbuchus-loader-a-new-malware-as-a-service-50c4e16f
