Hi guys!
I am kind of new in the field of reverse engineering, so sorry if it is a silly question.
I am currently analyzing a trojan for a school thesis that has similarities with the trojans Fareit and Tepfer.
I already know that the main purpose of the malware is to steal user credentials and then send them to a C&C server via HTTP.
But there are two functionalities that I still don't understand:
- How is the malware encrypting the sent payload?
- Why is the malware creating a new CMD process? Does the malware maybe also function as a reverse shell?
Virustotal link: https://www.virustotal.com/de/file/8dc6 ... /analysis/
The malware sample is attached
Attachments
password: "infected"
(40.3 KiB) Downloaded 28 times