Displaying items by tag: downloaders

Malware delivery and distribution techniques always changing. As blue teams develop an understanding of one type of attack, the attackers shift to something different. Security researchers and security teams follow (or should follow) these methods so they can shift defensive tactics and software to meet the new challenge. This brings us to our topic for today. Researchers over at Proofpoint have identified an unusual packer called DTPacker, a .NET packer that not only obfuscates the payload that it is delivering but can act as both a runtime packer (a self-executing archive) as well as a downloader. This is unusual all on its own, but there are other factors that have been observed in this packer that make it the odd person out.