Category Archives: Banking Trojan

Analysis of Android.Trojan.FakeSite.A aka Perkele

Intro: What is Perkele? Perkele is a crimeware kit used to generate Android trojans for monitoring and forwarding SMS messages containing mTANs. Perkele made a name for itself because it can be combined with any malicious code that executes webinject …

Posted in Android, Banking Trojan, English, Mobile Security

Analysis of Android.Zitmo-Urlzone

Intro: What is Android.Zitmo-Urlzone? Android.Zitmo-Urlzone is the mobile “add-on” for the banking trojan Urlzone. This app, known as a Zeus In The Mobile variant, steals incoming SMS messages and uploads them to the remote server. Its primary purpose is to …

Posted in Android, Banking Trojan, English, Malware Forensics, Mobile Security

Sinowal analysis (Windows 7, 32-bit)

Sinowal (also known as Torpig or Anserin) has constantly been one of the top banking trojans all over the world since 2006. So I asked myself, why is there so little info on the web? I just found old articles, that’s why …

Posted in Banking Trojan, English, Malware Forensics, Online Banking Fraud, Phishing, Sinowal

Volatility Memory Forensics | Basic Usage for Malware Analysis

Here is a real-world example of using Volatility and YARA. You can download this good old ZeuS image from the Malware Analyst’s Cookbook: zeus.vmem.zip [41,4 MB] 1.) Go into your Volatility directory 2.) If you don’t know what type of …

Posted in Banking Trojan, English, Malware Forensics, Memory Forensics, Volatility