Inside Zloader's Latest Trick: DNS Tunneling

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Zloader, a modular Trojan based on Zeus source code, has introduced new features in version 2.9.4.0 to enhance its anti-analysis capabilities and resilience against detection. Key updates include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting over a dozen commands, and improved anti-analysis techniques. The malware now uses more targeted distribution methods, moving away from large-scale spam campaigns. Technical analysis reveals changes in configuration, environment checks, API resolution, and network communication. The new DNS tunneling feature allows Zloader to encapsulate encrypted TLS traffic through a custom protocol using DNS records, providing an additional layer of obfuscation.

OPENCTI LABELS:

banking trojan, malware evolution, zloader, dns tunneling, ghostsocks, zeus variant
