ManticoraLoader, which could be rented for $500 a month, facilitates the comprehensive gathering and exfiltration of device information, including usernames, IP addresses, antivirus software, universally unique identifiers, system language, and date-time stamps, a report from Cyble Research and Intelligence Labs showed. The report also showed that the loader features extensive obfuscation capabilities that enable evasion of the 360 Total Security sandboxing tool. Robust persistence has also been integrated into ManticoraLoader, which could place files in auto-start locations to ensure continuous compromise, said researchers, who also noted that additional capabilities are possible in the malware-as-a-service (MaaS) offering because of its modular nature.
Source: SC Magazine