Executive summary
Brazilian banker malware is a popular family of banking malware that targets South America; malware researchers refer to it as SA-Banker or Brazilian Banker. The actors behind it have run many campaigns to reach victims and lure them into entering their credentials in a fake application. Once the fake application collects the banking credentials, they are passed on to the malware authors. Last week, a banking malware campaign that delivers its payload through Facebook's content delivery network (CDN) caught our attention.
Campaign using FB CDN:
Security researchers are concerned about the latest campaign because it uses Facebook's CDN, which makes it harder for security products to block.
Figure 1 CDN used in Brazilian banking malware
Last week's data from the MalwareHunterTeam says that around 200 thousand people in Brazil opened the email. Refer to the following image from the MalwareHunterTeam:
Figure 2 Email infection stats
Our researchers dug deeper and obtained the malware samples for analysis. This campaign is purely targeted at Brazilian banking customers.
Analysis
File MD5: 76E3E02AD689AF06699205D5BE956894
Size of the file: 752 KB
Figure 3 File submission
This sample was submitted to the system only two days ago and, as we said, the origin of the submission is Brazil. The file type is DLL.
Figure 4 Banker detection
We loaded the sample into PEiD to check its export details.
Figure 5 Export details of the malware sample
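As an added example (not the post's own tooling, and not the real export table of the sample discussed above), the following Python script reproduces what PEiD's export view shows for a DLL: it parses the DOS and PE headers, maps RVAs to file offsets through the section table, walks the export directory, and marks exports that are forwarders to another module. The `build_test_dll` helper constructs a minimal PE32 DLL in memory with placeholder export names (`Init`, `Run`, `SleepEx`) and the placeholder module name `sample.dll` purely so the script runs offline; pass a file path on the command line to inspect a real sample and compare its MD5 with the reported hash.

```python
import hashlib
import struct
import sys

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL


def _u16(b, o):
    return struct.unpack_from("<H", b, o)[0]


def _u32(b, o):
    return struct.unpack_from("<I", b, o)[0]


def _cstr(b, o):
    return b[o:b.index(b"\x00", o)].decode("ascii", "replace")


def parse_exports(data):
    """Return module name, DLL flag and the export table of a PE image (bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = _u32(data, 0x3C)                      # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = _u16(data, pe + 6), _u16(data, pe + 20)
    is_dll = bool(_u16(data, pe + 22) & IMAGE_FILE_DLL)
    opt = pe + 24                              # optional header start
    magic = _u16(data, opt)                    # 0x10B = PE32, 0x20B = PE32+
    dd = opt + (96 if magic == 0x10B else 112)  # data directory 0 = export table
    exp_rva, exp_size = _u32(data, dd), _u32(data, dd + 4)
    sections = []
    for i in range(nsec):                      # section headers follow the optional header
        s = opt + opt_size + 40 * i
        va, vsize, rawsize, raw = _u32(data, s + 12), _u32(data, s + 8), _u32(data, s + 16), _u32(data, s + 20)
        sections.append((va, max(vsize, rawsize), raw))

    def rva2off(rva):                          # map an RVA to a file offset via the section table
        for va, size, raw in sections:
            if va <= rva < va + size:
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} is outside every section")

    result = {"is_dll": is_dll, "module_name": None, "exports": []}
    if exp_rva == 0:
        return result                          # no export directory at all
    e = rva2off(exp_rva)
    base, nnames = _u32(data, e + 16), _u32(data, e + 24)
    funcs, names, ords = (rva2off(_u32(data, e + o)) for o in (28, 32, 36))
    result["module_name"] = _cstr(data, rva2off(_u32(data, e + 12)))
    for i in range(nnames):
        idx = _u16(data, ords + 2 * i)         # index into AddressOfFunctions
        func_rva = _u32(data, funcs + 4 * idx)
        entry = {"ordinal": base + idx, "name": _cstr(data, rva2off(_u32(data, names + 4 * i))),
                 "rva": func_rva, "forwarder": None}
        if exp_rva <= func_rva < exp_rva + exp_size:   # RVA inside the export directory = forwarder string
            entry["forwarder"] = _cstr(data, rva2off(func_rva))
        result["exports"].append(entry)
    return result


def file_md5(data):
    """MD5 of the image, for matching against a reported sample hash."""
    return hashlib.md5(data).hexdigest().upper()


def build_test_dll():
    """Constructed minimal PE32 DLL with three exports (test input, not a real sample)."""
    sec_va, sec_raw, sec_size = 0x1000, 0x200, 0x200
    names = ["Init", "Run", "SleepEx"]            # placeholder export names
    funcs_off, names_off, ords_off = 40, 52, 64   # tables right after the 40-byte export directory
    strings, rvas, str_off = bytearray(), {}, 70
    for s in ["sample.dll"] + names + ["KERNEL32.SleepEx"]:
        rvas[s] = sec_va + str_off + len(strings)
        strings += s.encode() + b"\0"
    export_size = str_off + len(strings)
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, rvas["sample.dll"], 1, 3, 3,
                        sec_va + funcs_off, sec_va + names_off, sec_va + ords_off)
    edata += struct.pack("<3I", 0x1100, 0x1110, rvas["KERNEL32.SleepEx"])  # third entry is a forwarder
    edata += struct.pack("<3I", *(rvas[n] for n in names)) + struct.pack("<3H", 0, 1, 2) + bytes(strings)
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")   # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)  # i386, 1 section, DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)        # section / file alignment
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, sec_va, export_size)  # export data directory entry
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".edata", sec_size, sec_va, sec_size, sec_raw, 0, 0, 0, 0, 0x40000040)
    return (dos + coff + bytes(opt) + sec_hdr).ljust(sec_raw, b"\0") + edata.ljust(sec_size, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_dll()
    info = parse_exports(blob)
    print(f"MD5 {file_md5(blob)}  DLL={info['is_dll']}  module={info['module_name']}")
    for x in info["exports"]:
        target = f" -> {x['forwarder']}" if x["forwarder"] else ""
        print(f"  #{x['ordinal']:<4} {x['rva']:#010x} {x['name']}{target}")
```

Forwarded exports are detected the way the loader does it: a function RVA that falls inside the export directory's own range points at a `MODULE.Function` string rather than code, which is worth spotting during triage because a banker DLL that forwards to a legitimate library can look benign in a quick export listing.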
Further analysis will be published in the next post.