BabbleLoader is an advanced loader that delivers diverse malicious payloads while employing sophisticated evasion techniques to avoid detection. The loader uses junk code insertion, metamorphic transformations, dynamic API resolution, and anti-sandbox measures to frustrate traditional and AI-driven defenses. #BabbleLoader #Intezer
Key points
- Loaders are a central component of cybercrime operations, enabling the delivery of varied payloads such as info-stealers, ransomware, and other malware.
- BabbleLoader is specifically engineered to bypass antivirus and sandbox environments through multiple layered techniques.
- Key evasion methods include junk code insertion, metamorphic transformations, dynamic API resolution, and anti-sandbox checks.
- The loader targets a broad audience, from users seeking cracked software to business professionals, which widens its distribution opportunities.
- The complexity and adaptability of BabbleLoader create challenges for AI-driven detection systems and conventional signature-based tools.
- Researchers note BabbleLoader incorporates recent security research findings, suggesting future loaders may grow more evasive and harder to detect.
MITRE Techniques
- [T1071] Command and Control – Uses multiple command-and-control domains to maintain communication with compromised systems. [‘Utilizes multiple command and control domains to maintain communication with compromised systems.’]
- [T1027] Defense Evasion – Employs obfuscation and junk code insertion to hide malicious intent and evade detection. [‘Employs obfuscation techniques, such as junk code insertion, to evade detection.’]
- [T1203] Execution – Executes malicious payloads by loading and injecting code through the loader component. [‘Executes malicious payloads through loaders that inject code into target systems.’]
- [T1003] Credential Access – Facilitates deployment of info-stealers that target sensitive credentials once persistence is achieved. [‘Targets sensitive information through info-stealers delivered by loaders.’]
- [T1486] Impact – Delivers ransomware or other destructive payloads to disrupt or encrypt target systems. [‘Delivers ransomware or other destructive payloads to impact target systems.’]
Indicators of Compromise
- [file hash] BabbleLoader-related sample hashes – 052c776fdc9700dfb37f964a73d461a57efad30a01bcf54505d7abcd601e6ff3, 0ad8513b62a778d7e426627be3ed2dbaf00d99b9802a1f566dc9203e3d311fc3, and 3 more hashes