Pulse: BatLoader Continues to Abuse Google Search Ads
TLP: WHITE | Author: AlienVault | Created: 2023-03-15 | Modified: 2023-03-15
38 IOCs (medium volume)
In December, Microsoft's eSentire published a summary of BatLoader activity whereby Google Search Ads were used to impersonate software such as WinRAR to deliver malicious Windows Installer files. The installer files contained custom action commands which used PowerShell to download and execute payloads (Redline Stealer, Ursnif, etc.) hosted on legitimate websites.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed in this pulse
Malware families: BatLoader, SystemBC, Redline, Cobalt Strike, Vidar, Ursnif
Indicators of Compromise (5 / 38 total)
Type          Indicator                          Description   Created
FileHash-MD5  0cb75b1192b23b8e03d955f1156ad19e   -             2023-03-15
FileHash-MD5  11ae3dabdb2d2458da43558f36114acb   -             2023-03-15
FileHash-MD5  3db1edc5b5550f54abdcb5520cf91d75   -             2023-03-15
FileHash-MD5  85fbc743bb686688ce05cf3289507bf7   -             2023-03-15
FileHash-MD5  9ebbe0a1b79e6f13bfca014f878ddeec   -             2023-03-15