Batloader: A Batch File That Delivers Several Different Types of Malware
Several malware families were dropped on victims during different phases of the attack. One of the most common strategies for delivering ransomware, RATs, and cryptojackers was the use of a batloader. A batloader is a batch file that can perform various malicious actions when executed.
Batloaders have become increasingly popular among threat actors because of their simplicity in delivery, execution, and extensibility. Cybercriminals and APT groups are widely adopting them.
Technical Analysis
Batloaders are most often delivered via phishing emails that lure victims into running a malicious file on their machine. The most common batloader script observed was found to be heavily obfuscated. However, deobfuscating the batch script revealed what it does.
The batch script copies the powershell.exe executable to a location specified by %temp%\Lroxmuu.png. It also copies the current batch file to a location specified by %temp%\Lroxmuu.png.bat.
The PowerShell commands in the script create another script with a custom parameter, -receive, which expects a base64-encoded string argument. Further analysis revealed that the script performs dynamic code loading and execution from a base64-encoded source embedded in the current batch script.
Finally, a .NET executable was injected into a process, depending on the particular malware family. This file also establishes a connection with the Command and Control server to retrieve additional payloads in certain cases.
A complete report on this batloader has been published, providing detailed information about the source code, the analysis, and further findings.
Indicators of Compromise
- 64250ddf94b90441193fe1c29754f231e0868d1878fdf3150e5744dd8d8c378
- d71cdb791f3f58bd064fb840488f7e708d707b1d39e70fbe5c597f7fbcc0699e
- fa78bb7d250a3893f188e5e7651070a20dd690fc6647020d5d399874e71c8e88
- 184eaf1cfa3460a8fe544c6d3d253c18ac50ba18acb718d6a2707e25400a5eab
- 108e07174511fa58ece920149d6b2f26f386b33f5e54bfbbb758b9c3b6cae362
- 24f3f9ada9ef84eb3bb749de500e43c85640d8c0140ebe6d7573520f61bfe5f7
- 7af0a77161be52ad53fdb2ae9a06cbd9eaf8d59be43c642901efcbb5c03d30e3
- 5158b0a023299c1922423a065b9825fd1769f1a87ffd2031375a0e893d523318
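The following is an added detection example, not code from the original article or from the report it cites. It turns the behaviour described in the technical analysis (powershell.exe copied to a .png name under %temp%, a .png.bat companion file, and a -receive argument carrying base64) and the SHA-256 list above into a small set of rules run over constructed Sysmon-style telemetry. The event field names (image, original_file_name, command_line, target, sha256) and the sample events are assumptions made for illustration, not any product's real schema or captured data.

```python
"""Detection logic for the batloader behaviour described in the analysis.

Added example, not code from the original article or from the report it cites.
The events below are constructed to resemble Sysmon-style process-creation and
file-creation telemetry; the field names (image, original_file_name, ...) are an
assumption for illustration, not any product's real schema.
"""
import base64
import binascii
import re

# SHA-256 indicators quoted from the article's IoC list (copied verbatim,
# including the first entry, which is published with 63 hex characters).
IOC_HASHES = {
    "64250ddf94b90441193fe1c29754f231e0868d1878fdf3150e5744dd8d8c378",
    "d71cdb791f3f58bd064fb840488f7e708d707b1d39e70fbe5c597f7fbcc0699e",
    "fa78bb7d250a3893f188e5e7651070a20dd690fc6647020d5d399874e71c8e88",
    "184eaf1cfa3460a8fe544c6d3d253c18ac50ba18acb718d6a2707e25400a5eab",
    "108e07174511fa58ece920149d6b2f26f386b33f5e54bfbbb758b9c3b6cae362",
    "24f3f9ada9ef84eb3bb749de500e43c85640d8c0140ebe6d7573520f61bfe5f7",
    "7af0a77161be52ad53fdb2ae9a06cbd9eaf8d59be43c642901efcbb5c03d30e3",
    "5158b0a023299c1922423a065b9825fd1769f1a87ffd2031375a0e893d523318",
}

TEMP_DIR_RE = re.compile(r"(?:\\(?:temp|tmp)\\|%temp%)", re.IGNORECASE)
RECEIVE_ARG_RE = re.compile(r"-receive\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
DOUBLE_EXT_RE = re.compile(r"\.(?:png|jpg|jpeg|gif|txt)\.bat$", re.IGNORECASE)


def decodes_as_base64(token: str) -> bool:
    """True if the token is well-formed base64 (the format -receive expects)."""
    try:
        base64.b64decode(token, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def rules_for_event(ev: dict) -> list:
    """Return the sorted names of every detection rule the event triggers."""
    hits = []
    image = ev.get("image", "")
    orig = ev.get("original_file_name", "").lower()
    cmd = ev.get("command_line", "")
    if ev.get("type") == "ProcessCreate" and orig == "powershell.exe":
        # powershell.exe copied under a non-executable name (e.g. Lroxmuu.png)
        if not image.lower().endswith(".exe"):
            hits.append("renamed_powershell")
        # the PowerShell binary running from a temp directory
        if TEMP_DIR_RE.search(image):
            hits.append("powershell_in_temp")
    m = RECEIVE_ARG_RE.search(cmd)
    if m and decodes_as_base64(m.group(1)):
        hits.append("receive_base64_arg")
    # the batch copy saved as <image name>.bat next to the disguised binary
    if ev.get("type") == "FileCreate" and DOUBLE_EXT_RE.search(ev.get("target", "")):
        hits.append("double_extension_bat")
    if ev.get("sha256", "").lower() in IOC_HASHES:
        hits.append("ioc_hash_match")
    return sorted(hits)


def analyze(events) -> dict:
    """Map event id -> triggered rules, for events that triggered at least one."""
    findings = {}
    for ev in events:
        hits = rules_for_event(ev)
        if hits:
            findings[ev["id"]] = hits
    return findings


# Constructed sample telemetry (not captured data). The base64 argument is a
# harmless placeholder string, encoded only so the -receive check has input.
PLACEHOLDER_B64 = base64.b64encode(b"constructed placeholder, not a real payload").decode()
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"id": 1, "type": "ProcessCreate",
     "image": TEMP + r"\Lroxmuu.png", "original_file_name": "PowerShell.EXE",
     "command_line": '"' + TEMP + r'\Lroxmuu.png" -receive ' + PLACEHOLDER_B64,
     "sha256": "0" * 64},                           # constructed, not an IoC
    {"id": 2, "type": "ProcessCreate",              # benign admin use, should not fire
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "original_file_name": "PowerShell.EXE",
     "command_line": "powershell.exe -NoProfile Get-Service",
     "sha256": "1" * 64},                           # constructed, not an IoC
    {"id": 3, "type": "FileCreate",                 # the copied batch file
     "target": TEMP + r"\Lroxmuu.png.bat",
     "sha256": "d71cdb791f3f58bd064fb840488f7e708d707b1d39e70fbe5c597f7fbcc0699e"},
]

if __name__ == "__main__":
    for event_id, hits in analyze(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(hits)}")
```

The behavioural rules matter more than the hash list: the hashes identify only the samples already analysed, whereas a PowerShell binary whose OriginalFileName field says PowerShell.EXE but whose path ends in .png, or a .png.bat file landing in a temp directory, catches the technique regardless of which payload the batloader carries. The rules are deliberately independent so that a benign PowerShell invocation (event 2) produces no finding while the disguised copy (event 1) trips several at once.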
Source credit: cybersecuritynews.com