DBatLoader Distributed via CMD Files
June 27, 2024, 9:56 a.m.
Description
A cybersecurity analysis has identified a malicious operation distributing a downloader, known as DBatLoader or ModiLoader, through CMD files disguised as innocuous files. The campaign uses phishing emails carrying compressed CMD files which, when executed on English-language Windows systems, pass through obfuscation and multiple decoding stages before deploying the malware payload. DBatLoader is a Delphi-compiled executable that loads additional malicious components from external sources, illustrating the persistent threat posed by such stealthy distribution tactics.
Date
Published: June 27, 2024, 9:26 a.m.
Created: June 27, 2024, 9:26 a.m.
Modified: June 27, 2024, 9:56 a.m.
Attack Patterns
ModiLoader
DBatLoader
T1059.005
T1553.005
T1059.001
T1547.001
T1059.007
T1204.002
T1105
T1566.001
T1027