Source |
Malwarebytes Labs |
Identifier |
779618 |
Publication date |
2018-08-13 18:29:05 (seen: 2018-08-18 20:00:45) |
Title |
Process Doppelgänging meets Process Hollowing in Osiris dropper (Recycling) |
Text |
Process doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use mixed in with Process Hollowing, yet another technique, in a dropper for the Osiris banking Trojan.
Categories: Malware, Threat analysis
Tags: dropper, kronos, osiris, Osiris dropper, process doppleganging, trojan
|
Sent |
Yes |
Tags |
|
Stories |
|
Notes |
|
Move |
|
Source |
Malwarebytes Labs |
Identifier |
773788 |
Publication date |
2018-08-09 18:52:05 (seen: 2018-08-09 22:03:24) |
Title |
Osiris dropper found using process doppelgänging |
Text |
Process doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use in a dropper of the Osiris banking Trojan. We unpack the code to show how malware authors used this process.
Categories: Malwarebytes news
Tags: dropper, kronos, osiris, Osiris dropper, process doppleganging, trojan
|
Sent |
Yes |
Tags |
Malware
|
Stories |
|
Notes |
|
Move |
|