1EjX8zl
Contents

Appendix A - related md5s (p. 3)
    Downloaders, injectors, infostealers (p. 3)
Appendix B. Fully Qualified Domain Names, Command and Control (p. 12)
Appendix C. Code-signing certificates (p. 17)
Appendix D. Malcode Technical Notes (p. 58)
    Small Downloader (p. 58)
        Technical Details (p. 58)
    Information Stealer (p. 60)
        Technical Details (p. 60)
    Trojan.Win32.Karba.e (p. 64)
        Technical Notes (p. 64)
    Selective Infector (p. 67)
        Technical Notes (p. 67)
    Trojan-Dropper & Injector (infected legitimate files) (p. 67)
        Technical Notes (p. 67)
    Enhanced Keyloggers and Development (p. 68)
        Technical Notes (p. 68)
    Keylogger Code (p. 68)
Appendix E. Parallel and Previous Research (p. 73)

TLP: Green
For any inquiries, please contact intelreports@kaspersky.com