MalwareBazaar Database
This page shows some basic information about the YARA rule IDATDropper, including corresponding malware samples.
Database Entry
| YARA Rule: | IDATDropper |
|---|---|
| Author: | NDA0E |
| Description: | Detects modified versions of dialer.exe and BthUdTask.exe containing embedded JavaScript used to decode a string from Charcode, thus creating a PowerShell downloader script that delivers IDAT Loader, mostly seen paired with Lumma and Meduza. |
| Firstseen: | 2024-07-31 20:18:21 UTC |
| Lastseen: | 2025-08-13 07:16:54 UTC |
| Sightings: | 172 |
Malware Samples
The table below shows all malware samples that match this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|---|---|---|---|