
Medium
Campaign, Malware
Defense Evasion
EDR, Sysmon, Windows
Matanbuchus 3.0: Advanced C++ Loader Evolving MaaS
Matanbuchus 3.0 is a C++-based Malware-as-a-Service (MaaS) loader that represents a major evolutionary step from earlier Matanbuchus branches. First observed as a commercial loader offering around 2020–2021, Matanbuchus originally focused on downloading commodity second-stage implants such as QakBot and various stealers. Version 3.0 hardens this role with protocol-level refactoring, stronger cryptography, and expanded execution semantics tailored for high-friction, EDR-heavy enterprise environments.



