DBatLoader (ModiLoader) Being Distributed to Turkish Users
Recently, AhnLab SEcurity intelligence Center (ASEC) has identified cases of the ModiLoader (DBatLoader) malware being distributed via email. ModiLoader ultimately executes SnakeKeylogger. SnakeKeylogger is an Infostealer-type malware developed in .NET. It is known for its data exfiltration methods using emails, FTP, SMTP, or Telegram. Figure 1 shows the email being
Warning Against ModiLoader (DBatLoader) Spreading via MS Windows CAB Header Batch File (*.cmd)
In December 2024, AhnLab SEcurity intelligence Center (ASEC) identified malware being distributed as an MS Windows CAB header batch file (*.cmd) through AhnLab’s email honeypot. The malware, known as ModiLoader (DBatLoader), was being distributed through purchase orders (PO). The difference from the past cases is that while the current
DBatLoader Distributed via CMD Files
AhnLab SEcurity intelligence Center (ASEC) has recently discovered malware being distributed through CMD files and identified it as DBatLoader (ModiLoader), a downloader that had previously been distributed via phishing emails as RAR files containing an EXE file. The file contained “FF, FE” which means “UTF-16LE”, so when the

