June 14, 2023
Malware Demo: SentinelOne VS BatCloak – Protection
In this video, we illustrate SentinelOne’s ability to detect, mitigate and prevent attacks incorporating BatCloak-generated payloads. “BatCloak” refers to a shared engine found in a number of commodity “FUD crypters” sold in crime forums, marketplaces, Telegram channels and similar venues. Some versions are sold for $25, although the tool is widely available via leaks or alternate forks and repositories. Our demonstration shows a threat actor obfuscating a RedLine Stealer payload via the Jlaive/Madera crypter. The newly obfuscated payload is then dropped to a victim device and executed. SentinelOne is able to both detect and prevent the attack.
Crypters, or obfuscation tools and packers, are used to evade endpoint security technology such as legacy AV, EDR, and XDR. The name refers to the cloaking of payloads in a nested fashion within .BAT (batch) and .PS1 (PowerShell) files. This cloaking ultimately leads to the execution of the original payload.
Crypter programs associated with or incorporating BatCloak’s methods include known tools such as CryBat, Jlaive, Madera, ScrubCrypt and others. Many of these are available in open source repositories, or have been leaked to the aforementioned crime forums and markets.
Watch the demo to understand how SentinelOne's advanced threat detection and prevention capabilities can protect your systems against threats like BatCloak. For more technical insights and cybersecurity updates, subscribe to our channel.