Banking Trojan Delivered By sLoad and LOLbins: A Cyberattack

Research by Lior Rochberger, Eli Salem, & Niv Yon

Introduction

Proofpoint's recently published report, "sLoad and Ramnit pairing in sustained campaigns against the UK and Italy," explains how threat actor TA554 used the sLoad dropper to distribute the Ramnit banking Trojan to target financial institutions across Italy, Canada, and the UK. Cybereason detected a similar evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign.

Article Link: https://www.cybereason.com/blog/banking-trojan-delivered-by-sload-and-lolbins-a-cyberattack