Zloader Learns Old Tricks

May 1, 2024, 11:09 p.m.

Description

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection. This anti-analysis technique was present in the original ZeuS 2.X code but implemented differently.

External References

https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks
https://otx.alienvault.com/pulse/66310325d40474f335fa82f6
Tags
python
anti-analysis
windows registry
zloader
zeus

Date

  • Created: April 30, 2024, 2:41 p.m.
  • Published: April 30, 2024, 2:41 p.m.
  • Modified: May 1, 2024, 11:09 p.m.

Indicators

  • eingangfurkunden.digital
  • cba9578875a3e222d502bb6a85898939bb9e8e247d30fcc0d44d83a64919f448
  • b1a6bf93d4ee659db03e51a3765d4d3c2ee3f1b56bd9b701ab5939d63f57d9ee
  • 85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6
  • 85962530c71cd31c102853d64a8829f93b63bd1406bdec537b9d8c200f8f0bcc
  • gycltda.cl
  • citscale.com
  • adslsdfdsfmo.world
Download all indicators here!

Attack Patterns

  • Zloader
  • Zloader