BATLOADER (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.bat_loader (Back to overview)

BATLOADER

According to PCrisk, BATLOADER is part of the infection chain where it is used to perform the initial compromise. This malware is used to execute payloads like Ursnif. Our team has discovered BATLOADER after executing installers for legitimate software (such as Zoom, TeamViewer Visual Studio) bundled with this malware. We have found those installers on compromised websites.

References

2023-12-30 ⋅ Rewterz Information Security ⋅ Rewterz Information Security
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs
EugenLoader POWERTRASH BATLOADER DarkGate FlawedGrace NetSupportManager RAT SectopRAT Storm-0506

2023-12-18 ⋅ Seqrite ⋅ Rumana Siddiqui
Decoding BATLOADER 2.X: Unmasking the Threat of Stealthy Malware Tactics
BATLOADER

2023-08-07 ⋅ Trend Micro ⋅ Junestherry Dela Cruz
Latest Batloader Campaigns Use Pyarmor Pro for Evasion
BATLOADER

2023-08-01 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
BatLoader Continues Signed MSIX App Package Abuse
BATLOADER

2023-03-30 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: BatLoader
BATLOADER Cobalt Strike ISFB SystemBC Vidar

2023-03-09 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif
BATLOADER ISFB Vidar

2023-02-28 ⋅ Intel 471 ⋅ Intel 471
Malvertising Surges to Distribute Malware
EugenLoader BATLOADER IcedID

2023-02-08 ⋅ NTT Security ⋅ Ryu Hiyoshi
SteelClover Attacks Distributing Malware Via Google Ads Increased
BATLOADER ISFB RedLine Stealer

2023-02-02 ⋅ Kroll ⋅ Elio Biasiotto, Stephen Green
Hive Ransomware Technical Analysis and Initial Access Discovery
BATLOADER Cobalt Strike Hive

2023-01-17 ⋅ Trendmicro ⋅ Junestherry Dela Cruz
Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
BATLOADER

2022-11-14 ⋅ vmware ⋅ Bethany Hardin, Deborah Snyder, Lavine Oluoch, Nikki Benoit, Tatiana Vollbrecht
BATLOADER: The Evasive Downloader Malware
BATLOADER

2022-04-15 ⋅ Medium walmartglobaltech ⋅ Jason Reaves
Revisiting BatLoader C2 structure
BATLOADER

2022-02-01 ⋅ Mandiant ⋅ Angelo Del Rosario, Martin Co, Ng Choon Kiat
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
BATLOADER

2022-01-11 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Signed DLL campaigns as a service
BATLOADER Cobalt Strike ISFB Zloader

There is no Yara-Signature yet.

BATLOADER Propose Change

References

BATLOADER