Technical Analysis of Zloader 2.9.0.4

Published 11/12/2024 02:51 · Modified 11/12/2024 11:05

Essential information

Tags
2024-12-11, banking trojan, dns tunneling, ghostsocks, initial access, zeus, zloader
Related entities
18 observables, 1 intrusion set (apt), 11 techniques (mitre), 2 malware

Description

The latest version of Zloader (2.9.4.0) introduces significant enhancements to its capabilities. Key features include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting various commands, and updated anti-analysis techniques. The malware's distribution has become more targeted, often relying on Remote Monitoring and Management tools. Zloader's configuration now includes new sections related to , and its environment check mechanism has been modified. The malware's API resolution process has been updated, and it now implements an interactive shell for executing various commands. The most notable addition is the feature, which uses a custom protocol to encapsulate encrypted TLS traffic in DNS requests.

External references