Malwarebytes and HYAS have teamed up to produce a paper on the discovery of a new but elusive piece of malware.
Dubbed “Silent Night”, the malware has been found to be a new family built upon the ZeuS heritage. It was previously referenced only as Zloader/Zbot. The teams' investigation found that its initial sample is a downloader capable of fetching the core malicious module and injecting it into various running processes.
In this paper, Malwarebytes and HYAS describe the malware and its appearance, dive deep into its Command-and-Control (C2) panel, discuss ways to cluster the samples based on the values in the bot’s config files, and compare it to some of the other Zbots that have been popular in recent years.