ZLOADER MALWARE ADDS ZEUS’S ANTI-ANALYSIS FEATURE


Jasper_The_Rasper
Moderator

May 3, 2024 By Pierluigi Paganini

 

Zloader continues to evolve: its authors added an anti-analysis feature that was originally present in the Zeus banking trojan.

Zloader (aka Terdot, DELoader, or Silent Night) is a modular trojan based on the leaked ZeuS source code. After a hiatus of almost two years, Zloader reappeared with new obfuscation techniques, domain generation algorithm (DGA), and network communication.

Recently, its authors reintroduced an anti-analysis feature similar to the one implemented in the original ZeuS 2.x code. This feature prevents the malware from executing outside the infected machine, a capability that many malware variants borrowing the leaked Zeus source code had abandoned.

“Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus,” reads the analysis published by Zscaler. “The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection. A similar anti-analysis feature was present in the leaked ZeuS 2.X source code, but implemented differently.”

 
