We have been noticing quite a few binaries lately that target Brazilian banks. While most tend to have the same behavior, we found a particular piece that actually encrypted most of its strings to slow down analysis. In this blog we analyze the decryption routine and write a decryption algorithm, as well as note some other general ways to automate dumping of encrypted strings and their associated plaintext. In addition to this technical dive, we also touch on other interesting behaviors of this particular malware, including its ability to detect the presence of G-Buster Browser Defense, a security solution offered by some Brazilian banks, such as Caixa Economica Federal.
Category: blogs
|
Posted by
Staff
232 days ago
Via: http://securitylabs.websense.com |
Discuss
Staff
232 days ago
Via: http://securitylabs.websense.com |
Discuss
Add this link to...
Bury
Best of Security is a consolidated resource for all kinds of security news and stories. Learn more...
Please update the link. I need mod dosevasive...I also need an updated link please...I also need an updated link if possible....Advisory of Workaround (by Xerox):
Xerox has released a...I recommend you update this post. Scott Charbo IS NOT and NEVER WAS under...Patched since v2.04
Hello - I am Jeff Hardy from SmarterTools.
The vulnerability...give me a new link for downloding this lib / .dll, please....
Xerox has released a...I recommend you update this post. Scott Charbo IS NOT and NEVER WAS under...Patched since v2.04
The vulnerability...give me a new link for downloding this lib / .dll, please....
Comments