
New banking trojan 'Slave' hitting Polish Banks

We have spotted a new banking trojan in the wild that uses JSON-formatted webinjects. After so many Zeus-like webinjects around, this was kind of refreshing. Currently this banker only has targets in Poland. We are analyzing the injects, as they are capable of using ATS (Automatic Transfer System).



The malware has a time check that prevents it from running after 1 April 2015. Don't be fooled: the botmaster would probably issue an update command before that could happen, but the check can render useless the already "captured" samples that are circulating on the internet among researchers.


There are indications that the author used Chromium source code to build the malware, hence we dubbed it "Slave".


One of the original filenames was Faktura V_388_02_20_2015.doc.scr, which pretty much sounds as if it was distributed via spam.
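A mail-gateway style check for the double-extension pattern seen in the filename above, as an added example that is not part of the original post. The extension lists and the function names are assumptions chosen for illustration, and the sample names other than the one quoted above are constructed.

```python
from pathlib import PureWindowsPath

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "cpl", "bat", "cmd",
                   "js", "jse", "vbs", "vbe", "wsf", "hta", "lnk"}
# Extensions a recipient reads as a harmless document (assumed list).
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "jpg", "png"}


def classify_attachment(name):
    """Return 'decoy-double-extension', 'executable' or 'ok' for a file name."""
    # Keep only the last path component, whichever separator the sender used.
    base = PureWindowsPath(name.replace("/", "\\")).name
    # Windows drops trailing dots and spaces when the file is saved, so a
    # name ending in ".scr . " still lands on disk as a .scr file.
    base = base.rstrip(". ")
    # Strip each part so space padding before the real extension is ignored.
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "decoy-double-extension"
    return "executable"


def flag_attachments(names):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    verdicts = ((n, classify_attachment(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


if __name__ == "__main__":
    samples = [
        "Faktura V_388_02_20_2015.doc.scr",   # filename quoted in the post
        "Faktura V_388_02_20_2015.DOC.SCR . ",  # constructed variant
        "invoice.pdf          .scr",          # constructed, space padding
        "report.v2.docx",                     # constructed, benign
        "screensaver.scr",                    # constructed, plain executable
    ]
    for sample, verdict in flag_attachments(samples):
        print(f"{verdict:24} {sample!r}")
```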

Some hashes:

If possible, we will show how ATS works for this injection in an update.

For further info, please contact us: blog [at] s21sec.com

S21sec Ecrime
