Sunday, June 12, 2016

Communications of the Bolek Trojan

A few weeks ago CERT Polska released a short blog post introducing a new malware family now known as Bolek. PhishMe and Dr.Web have since added some additional insight into the family. When browsing through a memory dump of the malware, a Webinjects section stands out. Webinjects usually imply banking malware, so it seems Bolek picks up where its predecessor, Carberp, left off. This post takes a closer look at its command and control (C2) mechanism and what it takes to elicit a configuration file from its C2 servers.
