Inside Zloader's Latest Trick: DNS Tunneling
Dec. 11, 2024, 11:04 a.m.
Description
Zloader, a modular Trojan based on Zeus source code, has introduced new features in version 2.9.4.0 to enhance its anti-analysis capabilities and resilience against detection. Key updates include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting over a dozen commands, and improved anti-analysis techniques. The malware now uses more targeted distribution methods, moving away from large-scale spam campaigns. Technical analysis reveals changes in configuration, environment checks, API resolution, and network communication. The new DNS tunneling feature allows Zloader to encapsulate encrypted TLS traffic through a custom protocol using DNS records, providing an additional layer of obfuscation.
Tags
Date
- Created: Dec. 11, 2024, 2:51 a.m.
- Published: Dec. 11, 2024, 2:51 a.m.
- Modified: Dec. 11, 2024, 11:04 a.m.
Indicators
- 6713bfbe1a8dea1ce0b97a5196762fe327f8da770a06e9aff09fff3a4f07cc14
- 45.61.152.154
- bigdealcenter.world
Additional Information
- Finance