
CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis

Published 2019/04/24 on the FireEye Blog
In the previous installment, we wrote about how string hashing was used in CARBANAK to manage Windows API resolution throughout the entire codebase. But the authors used this same string hashing algorithm for another task as well. In this installment, we'll pick up where we left off and write about CARBANAK's antivirus (AV) detection, AV evasion, authorship artifacts, exploits, secrets, and network-based indicators.

Antivirus Evasions

Source code unquestionably accelerates analysis of string hashes. For example, the function AVDetect in AV.cpp iterates processes to detect AV ...
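The pattern the excerpt describes, a process walk that compares hashed names against a table of hashes so that no AV product name appears as cleartext in the binary, is shown below as an added example. It is not CARBANAK's code: the page does not disclose the hashing algorithm, so a 32-bit FNV-1a variant stands in for it, the function names are ours, and every process name and wordlist is constructed sample data rather than an indicator from the report. The last function shows the analyst-side step (hashing a wordlist to recover the names) that having the source code makes unnecessary.

```python
"""Hash-based process-name matching for AV detection (added illustration).

Not CARBANAK code: the hash below is a stand-in FNV-1a, and all names are
constructed sample data, not indicators from the FireEye report."""

from typing import Dict, Iterable, List, Set

FNV_OFFSET = 0x811C9DC5
FNV_PRIME = 0x01000193


def str_hash(name: str) -> int:
    """Stand-in string hash (32-bit FNV-1a) over the lower-cased name.

    Case folding matters: Windows process names compare case-insensitively,
    so without it "MsMpEng.exe" and "msmpeng.exe" would hash differently."""
    h = FNV_OFFSET
    for b in name.lower().encode("ascii", "ignore"):
        h ^= b
        h = (h * FNV_PRIME) & 0xFFFFFFFF
    return h


def build_hash_table(names: Iterable[str]) -> Set[int]:
    """Build step run offline by the author: only these integers ship in
    the binary, so strings(1) on the sample reveals no AV product names."""
    return {str_hash(n) for n in names}


def av_detect(running: Iterable[str], table: Set[int]) -> List[str]:
    """Runtime side: walk the process list (a constructed list here, in
    place of a Toolhelp snapshot) and report names whose hash is in the
    table. The binary never needs the cleartext names to decide."""
    return [p for p in running if str_hash(p) in table]


def resolve_hashes(table: Set[int], wordlist: Iterable[str]) -> Dict[int, str]:
    """Analyst side without source: hash a wordlist of known process names
    and keep those that land in the table. With source code in hand this
    brute-force step is skipped, which is the acceleration the article notes."""
    return {str_hash(w): w for w in wordlist if str_hash(w) in table}


# Constructed sample data (hypothetical, not from the report).
AV_NAMES = ["avp.exe", "msmpeng.exe", "mcshield.exe"]
AV_HASHES = build_hash_table(AV_NAMES)
RUNNING = ["explorer.exe", "MsMpEng.exe", "svchost.exe", "chrome.exe"]
ANALYST_WORDLIST = ["notepad.exe", "avp.exe", "msmpeng.exe", "outlook.exe"]

if __name__ == "__main__":
    print("AV processes found:", av_detect(RUNNING, AV_HASHES))
    resolved = resolve_hashes(AV_HASHES, ANALYST_WORDLIST)
    print("Hashes resolved from wordlist:", {hex(k): v for k, v in resolved.items()})
```

Only three of the table's entries can be matched by a table of hashes, and the wordlist resolves only the two names it happens to contain; an unresolved hash stays opaque until a better wordlist or the source itself supplies the string.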