TrickBot malware uses obfuscated Windows batch script to evade detection
2020-11-24 09:00

One such capability is its use of an obfuscated batch script launcher to jumpstart malicious executables.

TrickBot deploys ransomware via obfuscated BAT scripts.

The use of an obfuscated batch script, shown below, to launch the executable is likely another feature to fly under the radar of enterprise security products.

Recently, researchers at Huntress Labs discovered another TrickBot sample that used a similar batch script with over 40 lines of obfuscated code.

The researcher told us that, since all of the characters in the batch script were printable ASCII characters rather than binary code, it was easier to transmit the script over the wire while bypassing the scrutiny of antivirus programs.


News URL

https://www.bleepingcomputer.com/news/security/trickbot-malware-uses-obfuscated-windows-batch-script-to-evade-detection/