Category Archives: Banking Trojan

Sinowal analysis (Windows 7, 32-bit)

Posted on March 3, 2012 by evild3ad

Sinowal (also known as Torpig or Anserin) is constant one of the top banking trojan all over the world since 2006. So I asked myself, why is there so little info on the web? Just found old articles, that’s why … Continue reading

Posted in Banking Trojan, English, Malware Forensics, Phishing, Sinowal | 3 Comments

Volatility Memory Forensics | Basic Usage for Malware Analysis

Posted on September 20, 2011 by evild3ad

Here is a real-world example of using Volatilty and YARA. You can download this good old ZeuS image from the Malware Analyst’s Cookbook: zeus.vmem.zip [41,4 MB] 1.) Go into your Volatility directory 2.) If you don’t know what type of … Continue reading

Posted in Banking Trojan, English, Malware Forensics, Memory Forensics, Volatility | 2 Comments

Phishing variants from online banking trojans

Posted on April 8, 2011 by evild3ad

1. iTAN-Thief After correct login the malicious software inserts a query for several iTANs. The prompted iTANs will be send together with the access data to the fraudster and will be misused afterwards. 2. Real-Time Attacks (Man-in-the-middle) The malicious software … Continue reading

Posted in Banking Trojan, Internet Banking Fraud, Malware Forensics, Online Banking Fraud, Phishing | Leave a comment

Malware Analysis (Internet Banking Fraud)

Posted on April 3, 2011 by evild3ad

Here are my usual steps: 1. Create a forensic image (.e01) of suspect media (System Hard Disk). 2. Objectives of the analysis: - Identification of the involved banking trojan - Detection of the trojan files on the infected computer - … Continue reading

Posted in Banking Trojan, Internet Banking Fraud, Malware Forensics, Online Banking Fraud, Phishing | Leave a comment