To crypt, or to mine – that is the question

Discussion in '0-day Release' started by RGiskardR, Jul 6, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. During that time the malware writers have changed:
    • the way their Trojans get keys (from locally generated to received from the C&C);
    • the algorithms used (from using only a symmetric algorithm, through a commonly used scheme of symmetric + asymmetric, to 18 symmetric algorithms used simultaneously);
    • the crypto-libraries (LockBox, AESLib, DCPcrypt);
    • the distribution method (from spam to remote execution).
    Now the criminals have decided to add a new feature to their creation – a mining capability. In this article we describe a downloader that decides how to infect the victim: with a cryptor or with a miner.

    Full reading: https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
     