Objective: to counter the growing spread of fake news and disinformation against Paris and its Armed Forces. Parly: “We want to win the war before the war.”
Palo Alto Networks Unit 42: Matanbuchus Loader is a new MaaS by a BelialDemon. The malware has several capabilities and, along with the gang’s name, references to Ascension of Isaiah 2:4
Matanbuchus Loader is a new malware-as-a-service (MaaS) created by a BelialDemon. This one is a cybercrime actor who references demonic themes in software and usernames. It has been discovered by Palo Alto Networks Unit 42 cybersecurity experts. The malicious code has been advertised in February 2021 at an initial rental price of $2,500 and it has already hit several organizations in USA and EU until today. It is able to:
- launch a .exe or .dll file in memory;
- leverage schtasks.exe to add or modify task schedules;
- launch custom PowerShell commands;
- leverage a standalone executable to load the DLL if the attacker otherwise has no way of doing so.
Moreover, there is an interesting element: the gang’s name, Belial, along with the name of the new loader, Matanbuchus, stem from the Ascension of Isaiah 2:4: “And Manasseh turned aside his heart to serve Belial; for the angel of lawlessness, who is the ruler of this world, is Belial, whose name is Matanbuchus.”