Jlaive

Malware Profile Updated 3 months ago
Jlaive is a malware toolkit that began circulating in 2022, known primarily for its obfuscation algorithm powered by the BatCloak engine. It was designed to evade antivirus software by converting executables into batch files that AV engines did not detect. Its creator, identified as ch2sh, made significant contributions to Fully Undetectable (FUD) technologies, and Jlaive itself was released as an open-source toolkit. Although the Jlaive code repository appears abandoned, researchers have found that BatCloak remains active as a standalone repository, with the threat actors behind Jlaive contributing to numerous iterations and adaptations of the engine.

SeroXen, a modified version of Quasar RAT, adopted the Jlaive loader builder and the BatCloak obfuscation engine to generate a FUD .bat loader; this modification included a rootkit among other changes. While many repositories containing modified or cloned versions of Jlaive continue to be removed from code-hosting sites such as GitHub and GitLab, threat actors persist in re-uploading the code, and in some cases development teams have ported it to other languages such as Rust. BatCloak's functionality is specifically tied to the source files LineObfuscation.cs and FileObfuscation.cs used in the Jlaive crimeware. Researchers have found that the BatCloak engine was part of the Jlaive FUD builder and has since been repurposed; it has also been used in the ScrubCrypt malware toolkit, which, unlike Jlaive, is closed-source. Despite the abandonment of Jlaive's original repository, the continued use and adaptation of its core BatCloak engine highlights the ongoing threat posed by this sophisticated obfuscation technology.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Batcloak (3 votes): BatCloak is a fully undetectable (FUD) malware obfuscation engine that has been used by threat actors to stealthily deliver their malware since September 2022. The BatCloak engine was initially part of an FUD builder named Jlaive, which began circulating in 2022. Although the Jlaive code repository
Scrubcrypt (2 votes): ScrubCrypt is a sophisticated malware that has been identified as a significant threat in the cybersecurity landscape. It operates as part of an intricate system of harmful software, including VenomRAT and various malicious plugins, designed to exploit and damage computer systems. The malware infilt
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Crypter
Github
Loader
Antivirus
Malware
Rootkit
Payload
Rat
Associated Malware
Seroxen, type Unspecified (1 vote): SeroXen is a potent malware that has been discovered in malicious NuGet packages, infecting developer systems. The Remote Access Trojan (RAT) was first identified by the DevSecOps company Phylum and is being delivered through typosquatted NuGet packages. Additionally, SeroXen has been found to targe
Reflective Loader, type Unspecified (1 vote): A reflective loader is a type of malware that can load a Dynamic Link Library (DLL) into a process, often without the user's knowledge. This technique allows the malware to execute malicious code directly from memory, making it harder for antivirus software to detect and remove it. The loader operat
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Jlaive malware was read from the document corpus below. This display is limited to 20 results.
Securityaffairs (4 months ago): ScrubCrypt used to drop VenomRAT along with many malicious plugins
CERT-EU (a year ago): Obfuscation tool 'BatCloak' can evade 80% of AV engines
CERT-EU (a year ago): The Good, the Bad and the Ugly in Cybersecurity - Week 24 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Trend Micro (a year ago): SeroXen Mechanisms: Exploring Distribution, Risks, and Impact
Trend Micro (a year ago): SeroXen Incorporates Latest BatCloak Engine Iteration
Securityaffairs (a year ago): FUD Malware obfuscation engine BatCloak continues to evolve