To crypt, or to mine – that is the question

Discussion in '0-day Release' started by RGiskardR, Jul 6, 2018.

RGiskardR (Malware Tester, Silver Member) wrote:

Way back in 2013, our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. During that time the malware writers have changed:
• the way their Trojans get keys (from locally generated to received from the C&C);
• the algorithms used (from using only a symmetric algorithm, through the commonly used scheme of symmetric + asymmetric, to 18 symmetric algorithms used simultaneously);
• the crypto libraries (LockBox, AESLib, DCPcrypt);
• the distribution method (from spam to remote execution).
Now the criminals have decided to add a new feature to their creation: a mining capability. In this article we describe a downloader that decides how to infect the victim, with a cryptor or with a miner.

    Full reading: