Security News > 2020 > November > TrickBot malware uses obfuscated Windows batch script to evade detection
One such capability is its use of an obfuscated batch script launcher to jumpstart malicious executables.
TrickBot deploys ransomware via obfuscated BAT scripts.
The use of an obfuscated batch script, shown below, to launch the executable is likely another feature to fly under the radar of enterprise security products.
Recently, researchers at Huntress Labs discovered another TrickBot sample that used a similar batch script with over 40 lines of obfuscated code.
The researcher told us, since all of the characters in the batch script were ASCII printable characters, rather than binary code, it was easier to transmit the script over the wire while bypassing the scrutiny of antivirus programs.
News URL
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)