
The last BatLoader campaign performs antivirus checks and is capable of modifying the Windows UAC prompt, disabling Windows Defender notifications, disabling Task Manager, disabling the command prompt, preventing users from accessing Windows registry tools, disabling the Run command, and modifying the display timeout.

The loader drops certain malware only if the infected host meets certain conditions (e.g., ARP table, domain check).

BatLoader can evade most antivirus detections due to the size of the MSI installers.

eSentire Threat Response Unit (TRU) observed two different BatLoader campaigns in 2022.
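One way to detect the tampering behaviours listed above, added here as an example and not taken from eSentire's report: flag any process that writes several of the standard Windows policy values controlling those features. The page does not name the registry values BatLoader sets, so the watchlist, the Sysmon-style event fields, the threshold and the sample events are assumptions constructed for illustration.

```python
import re

# Standard Windows policy values behind the features the report lists.
# Assumption: the page does not say which of these the loader writes.
WATCHLIST = [  # (key suffix, value name, behaviour, test on the DWORD data)
    (r"\currentversion\policies\system", "disabletaskmgr", "Task Manager disabled", lambda v: v == 1),
    (r"\currentversion\policies\system", "disableregistrytools", "Registry tools blocked", lambda v: v >= 1),
    (r"\policies\microsoft\windows\system", "disablecmd", "Command prompt disabled", lambda v: v >= 1),
    (r"\currentversion\policies\explorer", "norun", "Run command disabled", lambda v: v == 1),
    (r"\currentversion\policies\system", "consentpromptbehavioradmin", "UAC prompt suppressed", lambda v: v == 0),
    (r"\currentversion\policies\system", "enablelua", "UAC turned off", lambda v: v == 0),
    (r"\windows defender security center\notifications", "disablenotifications",
     "Defender notifications disabled", lambda v: v == 1),
]
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")

def classify(event):
    """Return the behaviour label for one registry value-set event, or None."""
    key, _, value = event["TargetObject"].lower().rpartition("\\")
    m = DWORD.fullmatch(event["Details"])
    if not m:
        return None  # not a DWORD write, so none of the watched policies
    data = int(m.group(1), 16)
    for suffix, name, label, is_bad in WATCHLIST:
        if value == name and key.endswith(suffix) and is_bad(data):
            return label
    return None

def triage(events, threshold=3):
    """Report processes that made at least `threshold` distinct lockdown writes."""
    hits = {}
    for ev in events:
        label = classify(ev)
        if label:
            hits.setdefault(ev["Image"], set()).add(label)
    return {img: sorted(labels) for img, labels in hits.items() if len(labels) >= threshold}

# Constructed sample events (not from the report); field names follow Sysmon Event ID 13.
P = r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Policies"
M = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
BAD = r"C:\Users\demo\AppData\Local\Temp\example-installer.exe"  # hypothetical path
SAMPLE = [
    {"Image": BAD, "TargetObject": P + r"\System\DisableTaskMgr", "Details": "DWORD (0x00000001)"},
    {"Image": BAD, "TargetObject": P + r"\System\DisableRegistryTools", "Details": "DWORD (0x00000001)"},
    {"Image": BAD, "TargetObject": P + r"\Explorer\NoRun", "Details": "DWORD (0x00000001)"},
    {"Image": BAD, "TargetObject": M + r"\ConsentPromptBehaviorAdmin", "Details": "DWORD (0x00000000)"},
    {"Image": r"C:\Windows\System32\svchost.exe", "TargetObject": M + r"\EnableLUA", "Details": "DWORD (0x00000001)"},
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Grouping by process keeps a single policy write, such as one an administrator might push through Group Policy, from raising an alert on its own.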


BatLoader delivers additional malware and tools including ISFB, Vidar Stealer, Cobalt Strike, Syncro RMM, and SystemBC RAT via fake installers.
