Nymaim - obfuscation chronicles

From Botnets.fr


Botnet: Nymaim
Date: 2013 / 2013-08-26
Editor/Conference: ESET
Link: http://www.welivesecurity.com/2013/08/26/nymaim-obfuscation-chronicles/ (Archive copy)
Author: Jean-Ian Boutin
Type: Blogpost

Abstract

Last month, my colleague Sébastien Duquette detailed the Home Campaign, a long-lasting operation consisting of compromised web servers running a malicious Apache module named Darkleech (detected by ESET as Linux/Chapro) that redirects visitors to a Blackhole exploit kit. Sébastien stated that one of the final payloads dropped by this operation was the Win32/Nymaim downloader/ransomware family. In this blog post, we will look at the technical details of this particular malware and how it ends up getting installed on an end-user's computer. We will also look at the various control flow obfuscation techniques that make its analysis as interesting as it is challenging.

Bibtex

 @misc{2013BFR1364,
   editor = {ESET},
   author = {Jean-Ian Boutin},
   title = {Nymaim - obfuscation chronicles},
   day = {26},
   month = aug,
   year = {2013},
   howpublished = {\url{http://www.welivesecurity.com/2013/08/26/nymaim-obfuscation-chronicles/}},
 }