Zloader Learns Old Tricks

May 1, 2024, 11:09 p.m.

Description

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on the leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023, after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature that prevents the malware from executing on any machine other than the one it originally infected. This anti-analysis technique was present in the original ZeuS 2.X code, but is implemented differently here.

Date

Published: April 30, 2024, 2:41 p.m.

Created: April 30, 2024, 2:41 p.m.

Modified: May 1, 2024, 11:09 p.m.

Indicators

eingangfurkunden.digital

cba9578875a3e222d502bb6a85898939bb9e8e247d30fcc0d44d83a64919f448

b1a6bf93d4ee659db03e51a3765d4d3c2ee3f1b56bd9b701ab5939d63f57d9ee

85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6

85962530c71cd31c102853d64a8829f93b63bd1406bdec537b9d8c200f8f0bcc

Attack Patterns

Zloader

T1050

T1139

T1543.003

T1542

T1490

T1137

T1059.005

T1027.002

T1059.003

T1059.001

T1572

T1557

T1497

T1105

T1543

T1055

T1027

T1053

T1562

T1059