Analyzing OBSCURE#BAT: Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A stealthy malware campaign dubbed OBSCURE#BAT has been discovered that uses social engineering and deceptive file downloads to trick users into executing obfuscated code. The infection chain deploys a user-mode rootkit that manipulates system processes and registry entries to evade detection and maintain persistence. The malware, identified as the r77 rootkit, hides files, processes, and registry keys that carry a specific prefix. It uses highly obfuscated batch scripts, PowerShell commands, and registry manipulation to establish persistence. The campaign targets English-speaking individuals through fake CAPTCHAs, malvertising, and masquerading as legitimate software. The rootkit's ability to cloak malicious activity and inject into critical system processes makes it particularly dangerous and difficult to detect with conventional methods.
OPENCTI LABELS:
social engineering, api hooking, quasarrat, r77 rootkit, user-mode rootkit