ZLoader 2.9.4.0 adds notable improvements, including a custom DNS tunnel protocol for C2 communications and an interactive shell that supports more than a dozen commands, which may be valuable for ransomware attacks. These modifications provide additional layers of resilience against detection and mitigation.
ZLoader's anti-analysis techniques such as environment checks and API import resolution algorithms continue to be updated to evade malware sandboxes and static signatures.
In recent months, the distribution of ZLoader has been increasingly associated with Black Basta ransomware attacks, with threat actors deploying the malware by means of remote desktop connections established under the guise of fixing a tech support issue.
The cybersecurity firm said it discovered an additional component in the attack chain that first involves the deployment of a payload called GhostSocks, which is then used to drop ZLoader.