A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #11809  by Evilcry
 Sat Feb 25, 2012 6:21 pm
Hi,

The configuration of the above sample (85dc077d5e50b7e133fef85e09dfe2fb) targets several banks
from: USA, UK, France, Australia, United Arab Emirates, Saudi Arabia, Egypt, Netherlands, Germany.

WebInject code and URL Triggers, like every Cridex (until this moment), are stored in clear in:
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media Center\RANDOM_STRING]

Regards.
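A read-only triage check for the registry location named in the post above, as an added example that is not part of the original post or written by its author. It assumes RANDOM_STRING is a subkey or value somewhere below the Windows Media Center key; the size threshold and URL pattern are illustrative choices, and because the hive is HKCU it has to run in the session of the user being examined.

```powershell
# Added triage example (not from the original post). Reads the registry only.
# Assumptions: RANDOM_STRING sits somewhere below $base; $minBytes and
# $urlRegex are illustrative thresholds, not values taken from the post.
$base     = 'HKCU:\Software\Microsoft\Windows Media Center'
$minBytes = 1024
$urlRegex = [regex]'(?i)https?://\S+'

if (-not (Test-Path -LiteralPath $base)) {
    Write-Output "Key not present for this user: $base"
    return
}

# Include the base key itself plus every subkey beneath it.
$keys = @(Get-Item -LiteralPath $base) +
        @(Get-ChildItem -LiteralPath $base -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($key in $keys) {
    foreach ($name in $key.GetValueNames()) {
        $kind = $key.GetValueKind($name)
        $data = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        if ($data -is [byte[]]) {
            # Binary data: try both single-byte and UTF-16 readings of the bytes.
            $size = $data.Length
            $text = [System.Text.Encoding]::ASCII.GetString($data) + "`n" +
                    [System.Text.Encoding]::Unicode.GetString($data)
        } else {
            # REG_SZ, REG_MULTI_SZ, DWORD, etc.: compare as text.
            $text = ($data | ForEach-Object { [string]$_ }) -join "`n"
            $size = [System.Text.Encoding]::Unicode.GetByteCount($text)
        }
        $urls = $urlRegex.Matches($text).Count
        # Report values that are unusually large or that contain clear-text URLs.
        if ($size -ge $minBytes -or $urls -gt 0) {
            [pscustomobject]@{
                Key   = $key.Name
                Value = $name
                Kind  = $kind
                Bytes = $size
                Urls  = $urls
            }
        }
    }
}

if ($findings) { $findings | Sort-Object Bytes -Descending | Format-Table -AutoSize -Wrap }
else { Write-Output "No large or URL-bearing values under $base" }
```

A hit is a lead for manual review rather than a verdict, since legitimate software may also write values under this key.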