silversurfer
Thread author
A new PowerShell downloader dubbed sLoad is making the rounds, sporting impressive reconnaissance tactics and a penchant for geofencing, which indicate increasing sophistication when it comes to targeting efforts.
According to a Proofpoint analysis, the malware gathers information about the infected system, including a list of running processes, the presence of Outlook, and the presence of Citrix-related files. It will also take screenshots of the target machine.
“This is another chapter in the story we’ve seen emerging over the last few months,” Chris Dawson, threat intelligence lead at Proofpoint, told Threatpost. “Threat actors continue to adopt new, stealthy loaders with rich reconnaissance features. By using loaders that can also assess infected systems, actors can select their targets wisely and improve the quality of infected hosts, eliminating some of the noise associated with the ‘spray-and-pray’ campaigns we came to associate with the large-scale ransomware and banker attacks of the last few years.”
Full report by Proofpoint: sLoad and Ramnit pairing in sustained campaigns against UK and Italy