CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis
In the previous installment, we wrote about how string hashing was used in CARBANAK to manage Windows API resolution throughout the entire codebase. But the authors used this same string hashing algorithm for another task as well. In this installment, we’ll pick up where we left off and write about CARBANAK’s antivirus (AV) detection, AV evasion, authorship artifacts, exploits, secrets, and network-based indicators.
Source code unquestionably accelerates analysis of string hashes.
For example, the function AVDetect in AV.cpp iterates processes to detect AV ...