Full Disclosure mailing list archives
Inkasso Trojaner - Part 3
From: Curesec Research Team <crt () curesec com>
Date: Mon, 16 Sep 2013 13:41:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Folks,

contrary to our first assumption, the trojan was more complex than estimated, so it took us some time to continue the research on it.

Here you will find Part 3:
https://cureblog.de/2013/09/inkasso-trojaner-part-3/

In this report we point out how the rootkit infects a system, how it operates, and what kind of anti-reversing and anti-debugging techniques are in place.

We will use several tools:

* ExeInfo PE
* IDA Entropy Plugin
* SysInternals Suite
* IDA Pro
* Immunity Debugger

In the next report we will write more about the rootkit functionality and the botnet itself.

If you missed the other parts, find them here:
https://cureblog.de/2013/06/inkasso-trojaner-part-1/
https://cureblog.de/2013/07/inkasso-trojaner-part-2/

Cheers and Happy Reversing!

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSNu5MAAoJEGT0/GOIxts0LeIQAKizQ3adexGOzar4drlzPyOw
gkzfRH36FqF7MHMxD4ubh536dIK44NBHM1CP3tEznovaB/8VXPz5Uo8K40Tj4P5h
qUt7mHppLbMAm23JujghrxomZ9B852/TwsI8ihBIoyM8HoJX0El1RKC6vqtPGvkY
rANbSCORPF3UIkxAwP7IujHiZUAxrzPTqa8CMrbRL0PoJpN9VWiYYFeiVbZ6UJ1h
DrD9tUPemi5kH2r5slQUHzEdQWPlZJiex/E+yiOYbmaQk+Zedof4FMuP+C+v95uT
qG0ZcsKOrLF1t/52Ro6uUVbuPRXyijBznvTrPwtyP0+Xlqm4pmIckm+azDE7HO6Q
czNrcHziPSToUJyuA7UUczPtyM1IaUE4vNT2N8yYEbwHiYjtJz4a2N8Dah0pb66M
nxXBkn1h2UDgT9jRnnsJnoq36UrBoyjYOpmoFuMIhUG0Wjne7LNTeHDrkkcwvtSK
ds4nWas/Pr8q+rEkQumKjRp06oLm2j/N0hTEpsbW3RcN9m/slD/f9lQiJ6NNATsj
v890ZCYy3T2zq5G4EGxDHDsXuHwl9lEQlNmaZVr5IC2ox7Ej0mTXZuvzKgSnh0yV
I4vkYiQ36coW5fKAzU4awIS29g7OxsKA58RDOl0nCEv6PHTOe5k0LyAd6crQhb1B
oyobpFcBf9HTNDz5gcHe
=L4bK
-----END PGP SIGNATURE-----