Banking Trojan Delivered By LOLbins: How the Ramnit Trojan spreads via sLoad in a cyberattack

Research by Eli Salem, Lior Rochberger, & Niv Yona

Introduction

Proofpoint’s recently published report, "sLoad and Ramnit pairing in sustained campaigns against the UK and Italy," explains how threat actor TA554 used the sLoad dropper to distribute the Ramnit banking Trojan, targeting financial institutions across Italy, Canada, and the UK. Cybereason detected a similar evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign.

Article Link: https://www.cybereason.com/blog/banking-trojan-delivered-by-lolbins-ramnit-trojan