For C2 communications, Zloader 2.9.4.0 introduces a unique DNS tunnel protocol.

In September 2023, Zloader distribution campaigns were detected for the first time in nearly two years. In recent months, Zloader distribution has been more closely linked to Black Basta ransomware attacks. The malware has been found to use a domain generation algorithm (DGA) and to take precautions against running on hosts other than the one originally infected, a technique also seen in the Zeus banking trojan on which it is based. In a report on the most recent iteration of Zloader, Zscaler ThreatLabz stated that "Zloader's anti-analysis techniques such as environment checks and API import resolution algorithms continue to be updated to evade malware sandboxes and static signatures." "The threat group continues to add new features and functionality to more effectively serve as an initial access broker for ransomware," the company stated in the report.

"These modifications provide additional layers of resilience against detection and mitigation," the company stated in an official statement regarding the latest version of Zloader, a malware loader that can launch next-stage payloads and is also referred to as Terdot, DELoader, or Silent Night.
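The article does not describe how Zloader's DNS tunnel protocol encodes its C2 traffic, so nothing below reproduces it. What a defender can do regardless of the encoding is look at DNS query logs for the shape that any DNS tunnel leaves behind: a burst of queries to one registered domain whose leftmost labels are long and high-entropy. The following is an added example written for this page, not Zscaler's or any vendor's code; the log lines, the domain `cdn-upd4te.net`, and the thresholds are all constructed for illustration and should be tuned against real baseline traffic.

```python
"""Heuristic detector for DNS-tunnel-style C2 traffic in DNS query logs.

Generic example added for this page (not Zloader's protocol): flags
(client, registered domain) pairs whose queries look like encoded data
carried in subdomain labels.
"""
import math
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log lines: "<timestamp> <client> <qname> <qtype>".
# The hex labels and the domain cdn-upd4te.net are made up for this example.
SAMPLE_LOG = """\
2023-09-12T10:00:01Z 10.0.0.5 www.example.com A
2023-09-12T10:00:02Z 10.0.0.5 mail.example.com MX
2023-09-12T10:00:03Z 10.0.0.7 4f8a2c1e9b7d3f6a0c2e5b8d1f4a7c3e.cdn-upd4te.net TXT
2023-09-12T10:00:04Z 10.0.0.7 9d1b3e7f2a6c8e0d4b5f7a9c1e3d6b8a.cdn-upd4te.net TXT
2023-09-12T10:00:05Z 10.0.0.7 2c6e8a0d4f1b3d5f7a9c2e4b6d8f0a1c.cdn-upd4te.net TXT
2023-09-12T10:00:06Z 10.0.0.7 7b9d1f3a5c7e9b2d4f6a8c0e3b5d7f9a.cdn-upd4te.net TXT
2023-09-12T10:00:07Z 10.0.0.5 api.example.com A
2023-09-12T10:00:08Z 10.0.0.7 e3a5c7f9b1d3f5a7c9e2b4d6f8a0c2e4.cdn-upd4te.net TXT
"""

# Assumed thresholds for the example; tune against real baseline traffic.
MIN_QUERIES = 3          # minimum queries per (client, domain) before scoring
MIN_MEAN_LABEL_LEN = 20  # encoded payload labels tend to be long
MIN_MEAN_ENTROPY = 3.0   # bits/char; hex or base32 payloads sit near 3.5-4.5
DATA_RECORD_TYPES = {"TXT", "NULL"}  # reported only, not part of the verdict


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for empty)."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_log(text: str) -> List[Tuple[str, str, str, str]]:
    """Parse log lines into (timestamp, client, qname, qtype); skip malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append((ts, client, qname.rstrip(".").lower(), qtype.upper()))
    return records


def split_name(qname: str) -> Tuple[str, str]:
    """Return (leftmost label, registered domain).

    Naive: the registered domain is taken as the last two labels. Production
    code should use the public suffix list instead.
    """
    labels = qname.split(".")
    if len(labels) < 3:
        return "", ".".join(labels[-2:])
    return labels[0], ".".join(labels[-2:])


def score_queries(records) -> Dict[Tuple[str, str], dict]:
    """Group queries by (client, domain) and compute tunnel-likeness statistics."""
    groups: Dict[Tuple[str, str], List[Tuple[str, str]]] = defaultdict(list)
    for _, client, qname, qtype in records:
        label, domain = split_name(qname)
        groups[(client, domain)].append((label, qtype))

    results = {}
    for key, items in groups.items():
        n = len(items)
        mean_len = sum(len(lbl) for lbl, _ in items) / n
        mean_ent = sum(shannon_entropy(lbl) for lbl, _ in items) / n
        data_frac = sum(1 for _, qt in items if qt in DATA_RECORD_TYPES) / n
        # Verdict uses volume, label length and entropy only; record type is
        # reported as context because tunnels also hide in A/AAAA lookups.
        suspicious = (n >= MIN_QUERIES
                      and mean_len >= MIN_MEAN_LABEL_LEN
                      and mean_ent >= MIN_MEAN_ENTROPY)
        results[key] = {
            "queries": n,
            "mean_label_len": round(mean_len, 2),
            "mean_entropy": round(mean_ent, 3),
            "data_record_fraction": round(data_frac, 2),
            "suspicious": suspicious,
        }
    return results


def suspicious_pairs(text: str) -> List[Tuple[str, str]]:
    """Sorted list of (client, domain) pairs flagged as tunnel-like."""
    return sorted(k for k, v in score_queries(parse_log(text)).items()
                  if v["suspicious"])


if __name__ == "__main__":
    for (client, domain), stats in score_queries(parse_log(SAMPLE_LOG)).items():
        flag = "SUSPICIOUS" if stats["suspicious"] else "ok"
        print(f"{client:10} {domain:20} {flag:10} {stats}")
```

Run against the constructed log, only the `10.0.0.7` to `cdn-upd4te.net` pair is flagged; the benign `example.com` lookups have short, low-entropy labels. The entropy and length thresholds are the part most worth adjusting: CDN and cloud hostnames legitimately carry long hashed labels, so in practice this heuristic is a triage signal to pair with query volume over time and reputation of the registered domain, not a verdict on its own.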