Trend Micro laid bare details of Batloader malware in a report that has anti-sandboxing capabilities and can fingerprint hosts for legitimacy. The modular malware abuses legitimate tools such as NirCmd.exe and Nsudo.exe to escalate privileges. First observed in the last quarter of 2022, it was found dropping several malware payloads, including Ursnif, RedLine Stealer, Vidar, Bumbleloader, ZLoader, Cobalt Strike, and SmokeLoader.