SYMBOLCOMMON_NAMEaka. SYNONYMS
win.bat_loader (Back to overview)

BATLOADER

According to PCrisk, BATLOADER is part of the infection chain where it is used to perform the initial compromise. This malware is used to execute payloads like Ursnif. Our team has discovered BATLOADER after executing installers for legitimate software (such as Zoom, TeamViewer Visual Studio) bundled with this malware. We have found those installers on compromised websites.

References
2023-12-18SeqriteRumana Siddiqui
Decoding BATLOADER 2.X: Unmasking the Threat of Stealthy Malware Tactics
BATLOADER
2023-08-07Trend MicroJunestherry Dela Cruz
Latest Batloader Campaigns Use Pyarmor Pro for Evasion
BATLOADER
2023-08-01eSentireeSentire Threat Response Unit (TRU)
BatLoader Continues Signed MSIX App Package Abuse
BATLOADER
2023-03-30eSentireeSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: BatLoader
BATLOADER Cobalt Strike ISFB SystemBC Vidar
2023-03-09eSentireeSentire Threat Response Unit (TRU)
BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif
BATLOADER ISFB Vidar
2023-02-28Intel 471Intel 471
Malvertising Surges to Distribute Malware
BATLOADER IcedID
2023-02-08NTT SecurityRyu Hiyoshi
SteelClover Attacks Distributing Malware Via Google Ads Increased
BATLOADER ISFB RedLine Stealer
2023-02-02KrollElio Biasiotto, Stephen Green
Hive Ransomware Technical Analysis and Initial Access Discovery
BATLOADER Cobalt Strike Hive
2023-01-17TrendmicroJunestherry Dela Cruz
Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
BATLOADER
2022-11-14vmwareBethany Hardin, Deborah Snyder, Lavine Oluoch, Nikki Benoit, Tatiana Vollbrecht
BATLOADER: The Evasive Downloader Malware
BATLOADER
2022-04-15Medium walmartglobaltechJason Reaves
Revisiting BatLoader C2 structure
BATLOADER
2022-02-01MandiantAngelo Del Rosario, Martin Co, Ng Choon Kiat
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
BATLOADER
2022-01-11Medium walmartglobaltechJason Reaves, Joshua Platt
Signed DLL campaigns as a service
BATLOADER Cobalt Strike ISFB Zloader

There is no Yara-Signature yet.