New BATLoader Disseminates RATs and Stealers
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Masquerading; Process Injection; Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern (technique name - ATT&CK ID, as auto-tagged on the page):
  Data Direct
  Application Layer Protocol - T1437
  Command And Scripting Interpreter - T1623
  File And Directory Discovery - T1420
  File And Directory Permissions Modification - T1222
  File Deletion - T1070.004
  File Deletion - T1630.002
  Hidden Files And Directories - T1564.001
  Hide Artifacts - T1564
  Malware - T1587.001
  Malware - T1588.001
  Masquerading - T1655
  System Information Discovery - T1426
  Multi-Factor Authentication - T1556.006
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Process Injection - T1631
  Scheduled Task/Job - T1603
  Security Software Discovery - T1418.001
  Security Software Discovery - T1518.001
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Software Discovery - T1518
  Virtualization/Sandbox Evasion - T1497
  Tool - T1588.002
  Virtualization/Sandbox Evasion - T1633
  Standard Application Layer Protocol - T1071
  Command-Line Interface - T1059
  File And Directory Discovery - T1083
  File Deletion - T1107
  Hidden Files And Directories - T1158
  Indicator Removal On Host - T1070
  Masquerading - T1036
  Standard Non-Application Layer Protocol - T1095
  Powershell - T1086
  Process Injection - T1055
  Scheduled Task - T1053
  Scripting - T1064
  Security Software Discovery - T1063
  System Information Discovery - T1082
  Windows Management Instrumentation - T1047
  User Execution - T1204
  Masquerading; Scripting; User Execution (no ID attached)
Reading the attack-pattern tags: they were produced by matching technique names against the text, so one behaviour shows up under several IDs. The current Enterprise IDs (T1059.001, T1055, T1053, T1036, T1070.004, T1564.001, T1497, T1518.001, T1071, T1095, T1047, T1204, T1222, T1082, T1083, T1566) are the ones that describe a Windows loader. T1086, T1107, T1158, T1063 and T1064 are deprecated Enterprise IDs, replaced by T1059.001, T1070.004, T1564.001, T1518.001 and the T1059 family respectively. T1437, T1623, T1420, T1630.002, T1655, T1426, T1660, T1631, T1603, T1418.001 and T1633 are ATT&CK Mobile IDs that merely share a name with the Enterprise techniques; nothing on this page points at a mobile target. T1587.001, T1588.001, T1588.002, T1583.004, T1584.004, T1592.002 and T1556.006 are word matches on "Malware", "Tool", "Server", "Software" and "Multi-Factor Authentication", not observed behaviour.
Common Information
Field                            Value
UUID                             97574082-854a-4617-8fd1-510384786a1b
Fingerprint                      a8c53910b9fa4382
Analysis status                  DONE
Considered CTI value             2
Text language
Published                        Feb. 2, 2023, midnight
Added to db                      Oct. 24, 2023, 1:30 p.m.
Last updated                     Nov. 17, 2024, 6:56 p.m.
Headline                         New BATLoader Disseminates RATs and Stealers
Title                            New BATLoader Disseminates RATs and Stealers
Detected Hints/Tags/Attributes   90/3/37
Attributes
Type                     #Events  Value
Domain                       228  system.io
File                           2  bill.exe
File                           1  bill.bat
File                        1208  powershell.exe
File                          12  ixp000.tmp
File                          36  compression.gzip
File                          55  payload.exe
File                          24  update.bat
File                           1  tmp995d.exe
File                           1  tmp3680.tmp
sha256                         1  7677442c6afc8aee0f4dfaaafb69fa290d1ec8d53b84763484e25c316df267cc
sha256                         1  cb36052775ff82522c60883729071f69b66a00413edce7d554e8af4c0d15e931
sha256                         1  66329a56f2ab10fdd3050c07349ad41f802e9f100b9bd2925f9b0940ec3ff0a6
sha256                         1  9cd24f62ecb15856de992b14f2b44f09a8ba74f1220d9ae544e6919ada0335ad
sha256                         1  13ca7d5e399860423c237d2597f799f104facf971d0552080049f5d618ccb582
sha256                         2  764250ddf94b90441193fe1c29754f231e0868d1878fdf3150e5744dd8d8c378
sha256                         1  2e0b02dbfc729d375e38d6cbc88a186c48f9250ab5d13a2f350c1a4a3137c4bf
sha256                         2  d71cdb791f3f58bd064fb840488f7e708d707b1d39e70fbe5c597f7fbcc0699e
sha256                         1  d5d8deb0a6da4352ded02c6a51c10efae2b030518247713ecb28274123b76fb8
sha256                         2  fa78bb7d250a3893f188e5e7651070a20dd690fc6647020d5d399874e71c8e88
IPv4                           1  103.146.23.112
MITRE ATT&CK Techniques      420  T1204
MITRE ATT&CK Techniques      695  T1059
MITRE ATT&CK Techniques       80  T1064
MITRE ATT&CK Techniques      310  T1047
MITRE ATT&CK Techniques      480  T1053
MITRE ATT&CK Techniques      440  T1055
MITRE ATT&CK Techniques      265  T1222
MITRE ATT&CK Techniques      107  T1564
MITRE ATT&CK Techniques      348  T1036
MITRE ATT&CK Techniques      247  T1070
MITRE ATT&CK Techniques      238  T1497
MITRE ATT&CK Techniques     1006  T1082
MITRE ATT&CK Techniques      185  T1518
MITRE ATT&CK Techniques      585  T1083
MITRE ATT&CK Techniques      444  T1071
MITRE ATT&CK Techniques      159  T1095
(#Events is the number of corpus events that carry the same value; the higher it is, the less specific the indicator.)

Reading the indicators before using them: powershell.exe (1208 events), payload.exe and update.bat are generic names that match benign activity and should not be alerted on by themselves. "system.io" and "compression.gzip" have the shape of .NET namespace fragments (System.IO, System.IO.Compression.GZipStream) rather than a registrable domain or a dropped file, which fits the PowerShell tagging; verify them before loading either as a network or file indicator. ixp000.tmp is the %TEMP% working-directory name that IExpress self-extracting packages create, so it identifies the packaging method rather than this loader in particular; tmp995d.exe and tmp3680.tmp are random temp names and will not recur. The ten SHA-256 hashes and the IPv4 address are the only exact-match indicators in the table.
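As an added example (not code from the original page or from any vendor), the following Python turns the flattened "Details <type> <#Events>" / "<value>" rows into a typed indicator set, drops the entries argued above to be noise, and sweeps a few constructed log lines. The noise rules (event-count ceiling, generic-name list, namespace check) and the sample log lines are this editor's assumptions.

```python
"""Parse the flattened attribute rows of a CTI page into indicators,
weed out generic ones, and sweep sample telemetry for the rest.

Added example; not part of the original page. The thresholds,
generic-name list, namespace regex and log lines are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed input: a subset of the page's rows, in their flattened form.
FLAT_ATTRIBUTES = """\
Details Domain 228
system.io
Details File 2
bill.exe
Details File 1
bill.bat
Details File 1208
powershell.exe
Details File 12
ixp000.tmp
Details File 36
compression.gzip
Details sha256 1
7677442c6afc8aee0f4dfaaafb69fa290d1ec8d53b84763484e25c316df267cc
Details sha256 2
764250ddf94b90441193fe1c29754f231e0868d1878fdf3150e5744dd8d8c378
Details IPv4 1
103.146.23.112
Details MITRE ATT&CK Techniques 420
T1204
"""

# Constructed Sysmon-style lines (hypothetical hosts and paths).
SAMPLE_LOGS = [
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell -f C:\\Users\\Public\\bill.bat"',
    'Image=C:\\Users\\Public\\bill.exe '
    'Hashes=SHA256=7677442C6AFC8AEE0F4DFAAAFB69FA290D1EC8D53B84763484E25C316DF267CC',
    'DestinationIp=103.146.23.112 DestinationPort=80 Image=C:\\Users\\Public\\bill.exe',
    'Image=C:\\Windows\\System32\\svchost.exe DestinationIp=10.0.0.5',
]


@dataclass(frozen=True)
class Indicator:
    kind: str     # Domain, File, sha256, IPv4, MITRE ATT&CK Techniques
    value: str    # normalised to lower case for matching
    events: int   # corpus events carrying this value (#Events column)


ROW = re.compile(r"^Details (?P<kind>.+?) (?P<events>\d+)$")


def parse_attributes(text: str) -> list[Indicator]:
    """Pair each 'Details <type> <n>' header with the value on the next line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    out, i = [], 0
    while i + 1 < len(lines):
        m = ROW.match(lines[i])
        if not m:
            i += 1
            continue
        out.append(Indicator(m["kind"], lines[i + 1].lower(), int(m["events"])))
        i += 2
    return out


# Assumed noise rules (editor's choice, not the page's).
GENERIC_FILES = {"powershell.exe", "payload.exe", "update.bat"}
DOTNET_NS = re.compile(r"^(system|compression)\.[a-z]+$")  # System.IO, ...GZip
MAX_EVENTS = 100  # seen in more than this many corpus events -> too common


def is_actionable(ioc: Indicator) -> bool:
    """Keep only indicators specific enough to alert on."""
    if ioc.kind.startswith("MITRE"):
        return False                      # a technique ID is context, not a hit
    if ioc.events > MAX_EVENTS:
        return False
    if ioc.kind == "File" and ioc.value in GENERIC_FILES:
        return False
    if DOTNET_NS.match(ioc.value):
        return False                      # namespace fragment, not a domain/file
    return True


TOKEN_SPLIT = re.compile(r'[\s"\'=,;\\/]+')


def sweep(iocs: list[Indicator], log_lines: list[str]) -> list[tuple[int, str, str]]:
    """Return (line_no, kind, value) for each actionable indicator found."""
    actionable = sorted({(i.kind, i.value) for i in iocs if is_actionable(i)})
    hits = []
    for n, line in enumerate(log_lines, 1):
        tokens = {t for t in TOKEN_SPLIT.split(line.lower()) if t}
        hits.extend((n, kind, value) for kind, value in actionable if value in tokens)
    return hits


if __name__ == "__main__":
    for hit in sweep(parse_attributes(FLAT_ATTRIBUTES), SAMPLE_LOGS):
        print(hit)
```

Tokenising on path separators, quotes and "=" lets one matcher serve file names inside command lines, hash fields and destination IPs alike; the trade-off is that indicators containing those characters (none in this table) would need their own handling.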