• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory –CVE-2019-17558 – Apache Solr VelocityResponseWriter function Vulnerability
June 1, 2022
Rewterz Threat Update – SideWinder Hackers Carried Out Over 1,000 Cyber Attacks Since April 2020
June 1, 2022

Rewterz Threat Alert – ZLoader Banking Trojan – Active IOCs

June 1, 2022

Severity

High

Analysis Summary

ZLoader is also known as Terdot, DELoader, that loads the Zeus malware on victim machines after initial infection. It is a banking trojan. Like other banking trojans, It’s core capability is to harvest online account credentials for online banking sites (and some other services). When infected users land on a targeted online banking portal, malware dynamically fetches web injections from its command-and-control (C2) server to modify the page that the user sees, so that the information that the user enters into the log-in fields is sent to the cybercriminals. Attackers are found targeting victims with Invoice themed spear phishing malicious documents, in order to infect them with ZLoader. This wave of ZLoader samples also consists of files following the invoice-theme. The filenames are usually “invoice” or “case” with a special character like “.”, “-” or “_” followed by four random digits. The usual target is financial institutions and banks. ZLoader has multiple distribution methods. ZLoader was also found being distributed via malvertising campaigns earlier this September. Another campaign was found distributing ZLoader and other malware via Obfuscated VBScript in June.

Impact

  • Credential Theft
  • Financial Theft
  • Data Exfiltration

Indicators of Compromise

MD5

  • 2545b15483165d00d1b6d63d9fd0821d
  • 1b4eb327a40a14ac4afa627125b63056
  • bb1272e0e3289985b4578f1b013fa5d5

SHA-256

  • d36366666b407fe5527b96696377ee7ba9b609c8ef4561fa76af218ddd764dec
  • 034f61d86de99210eb32a2dca27a3ad883f54750c46cdec4fcc53050b2f716eb
  • c55a25514c0d860980e5f13b138ae846b36a783a0fdb52041e3a8c6a22c6f5e2

SHA-1

  • 9b2eb26b24ba3a81f7813b9073a9e4358ff4618f
  • 2c0bc274bc2fd9dab82330b837711355170fc606
  • b19802976ff277fd4dd1adb5e950d84a3fcf6cf5

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.