A Second Look at Recent TerraLoader Dropper DLL Updates

released on 2021-04-29 @ 08:24:22 PM
The malware author responsible for TerraLoader, who is believed to be BadBullzVenom after a disagreement between the actor and a customer took place on an underground forum marketplace, appears to have been happily updating their delivery system, TerraLoader, again. This blog post is mostly an addendum of reverse engineering notes written after analyzing a sample in the report by @Arkbird_SOLG, which primarily focuses on the DLL that builds and delivers the JavaScript backdoor commonly referred to as ‘more_eggs’.