[Original] The “Silent Night” Zloader-Zbot
Posted: 2020-6-5 04:05 | 3805


The “Silent Night” Zloader-Zbot - Foreword


ZeuS is probably the most famous banking Trojan ever released. Since its source code leaked, various new variants have been making the rounds. In the past we wrote about one of its forks, called Terdot Zbot/Zloader.

Recently, we have been observing another bot with a design reminiscent of ZeuS that seems to be fairly new (a 1.0 version was compiled at the end of November 2019) and is actively developed. Since the specific name of this malware was unknown among researchers for a long time, it came to be referred to by the generic term Zloader/Zbot (a common name used for any malware related to the ZeuS family).

Our investigation led us to find that this is a new family built upon the ZeuS heritage, sold under the name “Silent Night”. In our report, we will call it “Silent Night” Zbot.

The initial sample is a downloader that fetches the core malicious module and injects it into various running processes. We can also see several legitimate components involved, just as in Terdot’s case.

In this paper, we will take a deep dive into the functionality of this malware and its Command-and-Control (C2) panel. We are going to provide a way to cluster the samples based on the values in the bot’s config files. We will also compare it with some other Zbots that have been popular in recent years, including Terdot.


https://blog.malwarebytes.com/threat-analysis/2020/05/the-silent-night-zloader-zbot/


Latest replies (1)
Thanks for sharing.
2020-6-5 11:07