DBatLoader

By GoldSparrow in Malware

Translate To:

DBatLoader is a two-stage malware loader written in Delphi. During the initial step, the malware establishes a connection with a predetermined Cloud-based service. In some of the observed instances, Google Drive was used and fetched a follow-up loader. In its second stage, the actual payload is delivered to the victim's machine and then executed. In most cases, the payload delivered by DBatLoader is a FormBook, an Infostealer Trojan, but in past campaigns, cybersecurity researchers have noticed the presence of different RATs (Remote Access Trojans) such as Netwire RAT or RemcosRAT.

The main distribution method in the hacker campaigns involving DBatLoader is a spam email campaign with the malware being hidden in the attached compromised files. The spam campaigns may use social-engineering tricks to target specific geographic regions or groups of people to increase the chances of the unsuspecting users downloading and executing the malware-laced email attachments.

Security researchers reverse-engineered the DBatLoader and managed to extract the underlying code. They discovered that the malware had four main functions responsible for preparing the payload by extracting, decrypting, and executing it on the victim's computer. Once the payload is ready, the DBatLoader maps it on a previously allocated portion of memory and executes it, thus starting the cybercriminals' nefarious process.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

DBatLoader

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen