DBatLoader Distributed via CMD Files

June 27, 2024, 9:56 a.m.

Description

A cybersecurity analysis has identified a malicious operation involving the distribution of a downloader, dubbed DBatLoader or ModiLoader, through CMD files disguised as innocuous files. The campaign leverages phishing emails containing compressed CMD files that, when executed on English-language Windows systems, employ obfuscation and multiple decoding stages to ultimately deploy the malware payload. DBatLoader is a Delphi-compiled executable that loads additional malicious components from external sources, highlighting the persistent threats posed by such stealthy distribution tactics.

Date

Published: June 27, 2024, 9:26 a.m.
Created: June 27, 2024, 9:26 a.m.
Modified: June 27, 2024, 9:56 a.m.

Attack Patterns

ModiLoader

DBatLoader

T1059.005

T1553.005

T1059.001

T1547.001

T1059.007

T1204.002

T1105

T1566.001

T1027