A new malware called Pronsis Loader has been discovered, with similarities to D3F@ck Loader. Both use JPHP-compiled executables, but Pronsis uses NSIS for installation instead of Inno Setup. Pronsis Loader typically delivers Lumma Stealer and Latrodectus payloads. It employs defense evasion techniques like excluding user directories from Windows Defender scans. The malware establishes persistence through scheduled tasks. Infrastructure analysis revealed multiple IP addresses and open directories used to host malicious files, particularly Lumma Stealer variants. This discovery highlights the evolving nature of malware threats and the need for continued vigilance in cybersecurity practices.
Author: AlienVault
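As an added defensive example that is not part of the AlienVault pulse, the following PowerShell audits a Windows host for the footholds the summary describes: Defender exclusions that cover user directories, and scheduled tasks (T1053.005) or Run keys (T1547.001) whose command launches from a user-writable path. The helper name Test-MentionsUserRoot, the list of roots and the output format are assumptions of this example, not indicators from the report.

```powershell
# Added audit script (not from the AlienVault pulse or the malware authors).
# Checks a Windows host for the footholds the summary describes: Defender
# exclusions that cover user directories, scheduled tasks (T1053.005) and Run
# keys (T1547.001) whose command runs from a user-writable location.
# Assumes the Defender module (Get-MpPreference) and an elevated shell.

$userRoots = @("$env:SystemDrive\Users", '\Users\', $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)

# True when the (environment-expanded) string mentions any user-writable root.
function Test-MentionsUserRoot([string]$Text) {
    if (-not $Text) { return $false }
    $Text = [Environment]::ExpandEnvironmentVariables($Text)
    foreach ($root in $userRoots) {
        if ($root -and $Text.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# 1. Defender path exclusions: the loader is reported to exclude user directories
#    from scans, so any exclusion under a profile directory deserves review.
$excl = @((Get-MpPreference).ExclusionPath | Where-Object { Test-MentionsUserRoot $_ })
Write-Host "Defender exclusions covering user directories: $($excl.Count)"
$excl | ForEach-Object { Write-Host "  [exclusion] $_" }

# 2. Scheduled tasks whose action (or its arguments) points into a user-writable path.
$tasks = @(foreach ($t in (Get-ScheduledTask | Where-Object State -ne 'Disabled')) {
    foreach ($a in $t.Actions) {
        $exe = [string]$a.Execute   # empty for non-exec action types
        if ((Test-MentionsUserRoot $exe) -or (Test-MentionsUserRoot ([string]$a.Arguments))) {
            [pscustomobject]@{ Task = "$($t.TaskPath)$($t.TaskName)"; Execute = $exe; Arguments = $a.Arguments }
        }
    }
})
Write-Host "Scheduled tasks running from user-writable paths: $($tasks.Count)"
$tasks | Format-Table -AutoSize

# 3. Run keys whose command points into a user-writable path.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = @(foreach ($k in ($runKeys | Where-Object { Test-Path $_ })) {
    foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and (Test-MentionsUserRoot ([string]$p.Value))) {
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
})
Write-Host "Run-key entries pointing into user-writable paths: $($run.Count)"
$run | Format-Table -AutoSize
```

Hits are leads for analyst review, not verdicts: legitimate software also installs per-user tasks and exclusions, so compare each finding against the host's known baseline.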
Related Tags:
IceRat
D3F@ck Loader
Pronsis Loader
LATRODECTUS
T1053.005
T1070.004
T1204.002
T1547.001
T1059.001
Associated Indicators: