Posts Tagged ‘Zloader’


As part of my work at Vincss, I wrote an article about Zloader – “[RE026] A Deep Dive into Zloader – the Silent Night”.

Zloader is a notorious banking trojan also known as Terdot or Zbot. It was first discovered in 2016, and its distribution has grown steadily since. Zloader's code is believed to be built on the leaked source code of the well-known ZeuS malware; that source code was made public in 2011 and has since been reused in numerous malware families.

Zloader has all the standard capabilities of a banking trojan: harvesting data from browsers, stealing cookies and passwords, capturing screenshots, and so on. To hinder analysis it uses code obfuscation, string encryption, and masking of Windows API calls. Recently, Check Point researchers published an analysis of a Zloader distribution campaign in which the infection chain abused a flaw in Microsoft's digital signature verification, so that a signed file with data appended inside its signature block still passed the check. In addition, Zloader has recently partnered with ransomware gangs such as Ryuk and Egregor.
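The signature weakness referred to above is the Authenticode padding issue tracked as CVE-2013-3900: bytes placed inside a signed PE file's certificate table after the PKCS#7 SignedData are not covered by the signature, so an attacker can append a script there and the file still verifies. The check below is an added example, not code from the original post, Vincss, or Check Point. It builds a constructed minimal PE32+ (no sections, and a dummy DER SEQUENCE standing in for a real PKCS#7 signature) and flags both data smuggled inside a WIN_CERTIFICATE entry beyond the DER-encoded SignedData and any overlay after the certificate table. The `build_sample_pe`, `SMUGGLED_SCRIPT` and threshold of "up to 7 zero alignment bytes are legitimate" are this example's own assumptions.

```python
"""Check a PE file's Authenticode certificate table for smuggled data.

Added example, not code from the original post or from the Check Point
report. The sample PE is constructed inline; its "signature" is a dummy
DER SEQUENCE standing in for a real PKCS#7 SignedData blob.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_HEADER_LEN = 8            # dwLength(4) + wRevision(2) + wCertificateType(2)
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def _der_total_length(buf: bytes) -> int:
    """Encoded length (tag + length field + content) of the DER element at buf[0]."""
    if len(buf) < 2 or buf[0] != 0x30:          # PKCS#7 ContentInfo is a SEQUENCE
        raise ValueError("certificate body does not start with a DER SEQUENCE")
    first = buf[1]
    if first < 0x80:                            # short-form length
        return 2 + first
    n = first & 0x7F                            # long form: n length bytes follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise ValueError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")


def security_directory(pe: bytes) -> tuple:
    """Return (file_offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY; (0, 0) if unsigned."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                     # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                          # PE32: data directories start at +96
        dirs = opt + 96
    elif magic == 0x20B:                        # PE32+: data directories start at +112
        dirs = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # For the security directory the first field is a raw file offset, not an RVA.
    return struct.unpack_from("<II", pe, dirs + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)


def check_certificate_table(pe: bytes) -> dict:
    """Report bytes that a valid Authenticode signature would not cover.

    overlay_bytes : data after the end of the certificate table.
    padding_bytes : data inside a WIN_CERTIFICATE entry beyond the DER SignedData,
                    ignoring up to 7 zero bytes of 8-byte alignment padding (assumption).
    """
    off, size = security_directory(pe)
    report = {"signed": size > 0, "entries": 0, "overlay_bytes": 0,
              "padding_bytes": 0, "padding_sample": b""}
    if size == 0:
        return report
    end = off + size
    if off < 0x40 or end > len(pe):
        raise ValueError("certificate table lies outside the file")
    report["overlay_bytes"] = len(pe) - end
    pos = off
    while pos + WIN_CERT_HEADER_LEN <= end:
        dw_length, _revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if dw_length < WIN_CERT_HEADER_LEN or pos + dw_length > end:
            raise ValueError("malformed WIN_CERTIFICATE dwLength")
        report["entries"] += 1
        body = pe[pos + WIN_CERT_HEADER_LEN:pos + dw_length]
        if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA:
            slack = body[_der_total_length(body):]
            if len(slack) >= 8 or any(slack):   # more than alignment, or non-zero padding
                report["padding_bytes"] += len(slack)
                report["padding_sample"] = report["padding_sample"] or slack[:16]
        pos += (dw_length + 7) & ~7             # entries are 8-byte aligned
    return report


def build_sample_pe(smuggled: bytes = b"") -> bytes:
    """Constructed input: a minimal, sectionless PE32+ with one WIN_CERTIFICATE entry.

    `smuggled` is placed after the dummy SignedData inside the entry, exactly where
    a file abusing the padding flaw would carry an appended script.
    """
    fake_signed_data = b"\x30\x16" + b"\xAA" * 22   # DER SEQUENCE, 24 bytes in total
    body = fake_signed_data + smuggled
    body += b"\0" * ((-(WIN_CERT_HEADER_LEN + len(body))) % 8)
    win_cert = struct.pack("<IHH", WIN_CERT_HEADER_LEN + len(body), 0x0200,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    cert_offset = 64 + 4 + 20 + 240             # DOS hdr + "PE\0\0" + COFF + PE32+ opt hdr
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                     cert_offset, len(win_cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + win_cert


SMUGGLED_SCRIPT = b"msgbox(\"not covered by the signature\")\r\n"   # constructed payload

if __name__ == "__main__":
    for label, sample in (("clean", build_sample_pe()),
                          ("script in cert padding", build_sample_pe(SMUGGLED_SCRIPT)),
                          ("overlay after table", build_sample_pe() + b"OVERLAY")):
        print(f"{label:24s} {check_certificate_table(sample)}")
```

On a real sample, pass the file's bytes to `check_certificate_table`; a non-zero `padding_bytes` with readable content in `padding_sample` is the pattern the Check Point write-up describes, and `overlay_bytes` catches the cruder case of data glued on after the table. Note that this script does not verify the signature itself; it only locates data a correct verifier would never have hashed.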
