Tag: zloader

6 Attack Reports | 0 Vulnerabilities

Attack reports

Technical Analysis of Zloader Updates

Recent versions of Zloader, a Zeus-based modular trojan, have introduced significant enhancements to its functionality. These updates include improved obfuscation techniques, anti-analysis strategies, and network communication methods. The malware now supports WebSockets and has modified its DNS tu…
obfuscation
ransomware
evasion
anti-analysis
zloader
zeus
trojan
banking
websockets
2025-09-22
dns-tunneling
zeus-based
ldap
Published: September 22, 2025
Downloadable IOCs: 0

Danabot: Analyzing a fallen empire

ESET Research shares insights into Danabot, an infostealer recently disrupted by law enforcement. The malware, tracked since 2018, evolved from a banking trojan to a versatile tool for data theft and malware distribution. Operated as a malware-as-a-service, Danabot offered features like data steali…
infostealer
lockbit
data theft
darkgate
zloader
botnet
lumma stealer
matanbuchus
cybercrime
danabot
latrodectus
malware-as-a-service
smokeloader
banking trojan
systembc
buran
rescoms
recordbreaker
ursnif
2025-05-23
2025-05-25
nonransomware
proxy servers
crisis
c&c infrastructure
malware-as-service
Published: May 25, 2025
Downloadable IOCs: 1

Inside Zloader's Latest Trick: DNS Tunneling

Zloader, a modular Trojan based on Zeus source code, has introduced new features in version 2.9.4.0 to enhance its anti-analysis capabilities and resilience against detection. Key updates include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting over a dozen comman…
zloader
dns tunneling
banking trojan
2024-12-11
malware evolution
ghostsocks
zeus variant
Published: December 11, 2024
Downloadable IOCs: 3

Technical Analysis of Zloader 2.9.0.4

The latest version of Zloader (2.9.4.0) introduces significant enhancements to its capabilities. Key features include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting various commands, and updated anti-analysis techniques. The malware's distribution has become mor…
zloader
zeus
dns tunneling
banking trojan
initial access
2024-12-11
ghostsocks
Published: December 11, 2024
Downloadable IOCs: 18

Fake update puts visitors at risk

This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguised as fake browser updates. It analyzes the recent tactics, techniques, and procedures employed by threat groups like Evil Corp in compromising WordPress websites, fingerp…
malware
cobalt strike
zloader
lumma stealer
socgholish
wordpress
downloader
redline stealer
2024-07-24
netsupport rat
egregor
ryuk
fake update
badspace
Published: July 24, 2024
Downloadable IOCs: 10

Zloader Learns Old Tricks

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…
python
anti-analysis
windows registry
zloader
zeus
Published: April 30, 2024
Downloadable IOCs: 8
Click here to see more Attack Reports