Brother
As practice shows, all virtual cyber operations against certain criminal infrastructures actually end in nothing if they do not have a forceful continuation in the real world.
One of these victories can be considered the statements of Microsoft, which in April 2022 reported the liquidation of Zloader, also known as Terdot, DELoader, and Silent Night.
Zloader is a modular Trojan based on the leaked Zeus code, which first became known in 2016 after attacks on German banks. From 2018 to 2019, developers completed the malware, which was revived on the darknet in 2019.
Evolving, in September 2021 Zloader appeared in version 2.0.0.0. As with Qakbot, Zloader operators moved from bank fraud to ransomware, surviving until April 2022.
According to Zscaler researchers, after almost a two-year hiatus, new versions of the malware with improvements and additions were noticed starting in September 2023.
These include new obfuscation techniques, an updated domain generation algorithm (DGA), RSA encryption for network communications, and the bootloader now has native support for 64-bit versions of Windows.
This new version was originally numbered 2.0.0.0, but in the last few months versions 2.1.6.0 and 2.1.7.0 have been released.
As the researchers note, Zloader posed and continues to pose a serious threat, and its return will most likely lead to new ransomware attacks.
At the same time, Microsoft's intervention only contributed to the increased activity of the developers, who, after returning, implemented a new loader module and more effective obfuscation methods, with API import hashing and string encryption.