
Technical Analysis of Zloader 2.9.0.4

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The latest version of Zloader (2.9.4.0) introduces significant enhancements to its capabilities. Key features include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting various commands, and updated anti-analysis techniques. Distribution has become more targeted and often relies on Remote Monitoring and Management (RMM) tools. Zloader's configuration now includes new sections related to DNS tunneling, its environment check mechanism has been modified, and its API resolution process has been updated. The most notable addition is the DNS tunneling feature, which uses a custom protocol to encapsulate encrypted TLS traffic inside DNS requests.

OPENCTI LABELS:

banking trojan, initial access, zloader, zeus, dns tunneling, ghostsocks

