A new malware-as-a-service (MaaS) loader named “BunnyLoader” has been discovered for sale on multiple hacking forums. The malware offers several capabilities, including downloading and executing second-stage payloads, stealing browser credentials and system information, keylogging, and more.
It has also been observed monitoring the victim’s clipboard, replacing cryptocurrency wallet addresses found there, and packaging the stolen data into a ZIP archive for transmission to a command-and-control (C2) server.
BunnyLoader New Malware-as-a-Service (MaaS)
The malware was first observed in early September 2023 and had received several updates adding features and bug fixes by the end of September 2023. These updates include adding credit card recovery to the stealer function, implementing AV evasion, changes to the C2 GUI, and more.
The first version observed was BunnyLoader v1.0, and the latest reported version is BunnyLoader v2.0. The software is sold for $250 with lifetime access.
According to its advertiser, who goes by the name PLAYER_BUNNY, the malware is written in C/C++, supports remote command execution, fileless loading, and anti-analysis techniques, and comes with a web panel that shows stealer logs, total clients, active tasks, and more.
Command and Control Panel (Web Panel)
The panel also provides infection statistics, the number of connected and disconnected clients, active tasks, and stealer logs. Infected machines can also be remotely controlled from the C2 panel.
BunnyLoader’s components include a Trojan downloader (fileless execution), an Intruder (keylogger and stealer), and a Clipper (cryptocurrency wallet theft targeting Bitcoin, Monero, Ethereum, Litecoin, Dogecoin, ZCash, and Tether).
Zscaler has published a complete report on this malware with detailed information about its working structure and other details.
Indicators of Compromise
C2 Server:
37[.]139[.]129[.]145/Bunny/
BunnyLoader samples:
dbf727e1effc3631ae634d95a0d88bf3
bbf53c2f20ac95a3bc18ea7575f2344b
59ac3eacd67228850d5478fd3f18df78
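As an added defender-side example (not code from the article or from Zscaler’s report), the script below matches the indicators listed above against local files and proxy log lines; the benign file and the proxy log entries it uses are constructed sample data, and the IoC values are taken from the list above.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators exactly as published above; the C2 is kept de-fanged in the source.
BUNNYLOADER_MD5 = {
    "dbf727e1effc3631ae634d95a0d88bf3",
    "bbf53c2f20ac95a3bc18ea7575f2344b",
    "59ac3eacd67228850d5478fd3f18df78",
}
C2_DEFANGED = "37[.]139[.]129[.]145/Bunny/"

def refang(ioc: str) -> str:
    """Restore a de-fanged indicator so it can be matched against real logs."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")

def md5_of_file(path: Path) -> str:
    # MD5 is used only because the published sample indicators are MD5 digests.
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_files(paths, iocs=BUNNYLOADER_MD5):
    """Return the paths whose MD5 matches a published BunnyLoader sample."""
    return [p for p in paths if md5_of_file(p) in iocs]

def scan_proxy_log(lines, c2=C2_DEFANGED):
    """Return log lines that reference the BunnyLoader C2 host and path."""
    needle = refang(c2).lower()
    return [line for line in lines if needle in line.lower()]

# Constructed sample proxy log (not real traffic): one C2 hit, one benign request.
SAMPLE_LOG = [
    "2023-09-28T10:12:01Z 10.0.0.14 GET http://37.139.129.145/Bunny/ 200",
    "2023-09-28T10:12:05Z 10.0.0.14 GET https://example.com/index.html 200",
]

def run_demo():
    """Scan a constructed benign file plus SAMPLE_LOG; returns (file_hits, log_hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "notes.txt"
        benign.write_bytes(b"constructed benign content")
        file_hits = scan_files([benign])
    return file_hits, scan_proxy_log(SAMPLE_LOG)
```

Point `scan_files` at a directory listing and `scan_proxy_log` at real proxy output to triage hosts; a hash match or a C2 hit is the cue to isolate the host and pull the full Zscaler report for further artifacts.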